Solved: Re: Can ISE Distributed PSNs Log to Regional SIEM?

khepburn · ‎11-01-2017

Is there a method, or workaround, to limit logging to a regional SIEM for PSNs in that region?

As far as I have read, and understand, logging (and collection filtering) is configured globally, and there is no way to configure ISE logging to only send logging traffic generated from PSNs within a region (e.g. APAC) to log to a local SIEM configured as a Remote Logging Target also within that region. Has anyone come across a solution or workaround, apart from a separate ISE deployment in the region?

I still require logging to MnT nodes and possibly other remote logging targets for other PSNs in the Cube.

Thank-you

Keith

Craig Hyps · ‎11-02-2017

It is possible to use DNS to resolve to a local target based on PSN's DNS config or intelligent DNS. You could use Anycast so that logging target selected is closest destination based on routing metrics. You can also have a local host entry in PSN to force resolution to a local target.

View solution in original post

Nidhi · ‎11-01-2017

Hello,

You cannot configure each PSN to send logs to different logging server today.

But you can raise this request to ise-pm mailer.

Thanks,

Nidhi

Craig Hyps · ‎11-02-2017

It is possible to use DNS to resolve to a local target based on PSN's DNS config or intelligent DNS. You could use Anycast so that logging target selected is closest destination based on routing metrics. You can also have a local host entry in PSN to force resolution to a local target.