Solved: Does ISE also send alarms via syslog to remote logging server?

dgaikwad · ‎06-01-2021

Hello Experts,
I am in middle of integrating ISE with our QRadar (SIEM tool) and in the remote logging categories I see a lot of categories.
And when I check the dashboard I also see that there are these alarms that are generated by ISE.
I want to create rules and alerts in SIEM tool based on these alarms.

So does ISE send these alarms to syslog servers?
Which category do they form a part off?
How would I verify if the alarms are being sent to the syslog server?

Any pointers appreciated.

lrojaslo · ‎06-01-2021

There are 2 things you need to take in consideration:

1- Under Alarm settings, select the desired alarm and click on edit, you will find a check box "Send Syslog Message"

2- Create a new remote logging target for your external syslog as UDP syslog (preferable) and select "Include Alarms For this Target".

You should be able to see any alarms on the Qradar side or gathering collector and/or ise-psc logs on ISE.

View solution in original post

lrojaslo · ‎06-01-2021

There are 2 things you need to take in consideration:

1- Under Alarm settings, select the desired alarm and click on edit, you will find a check box "Send Syslog Message"

2- Create a new remote logging target for your external syslog as UDP syslog (preferable) and select "Include Alarms For this Target".

You should be able to see any alarms on the Qradar side or gathering collector and/or ise-psc logs on ISE.