06-01-2021 04:14 AM - edited 06-01-2021 04:21 AM
Hello Experts,
I am in the middle of integrating ISE with our QRadar (SIEM tool) and in the remote logging categories I see a lot of categories.
And when I check the dashboard I also see that there are these alarms that are generated by ISE.
I want to create rules and alerts in SIEM tool based on these alarms.
So does ISE send these alarms to syslog servers?
Which category do they form a part of?
How would I verify if the alarms are being sent to the syslog server?
Any pointers appreciated.
Labels: Identity Services Engine (ISE)
Accepted Solutions
06-01-2021 07:02 AM
There are 2 things you need to take into consideration:
1- Under Alarm settings, select the desired alarm and click on edit, you will find a check box "
2- Create a new remote logging target for your external syslog as UDP syslog (preferable) and select "Include Alarms For this Target".
You should be able to see any alarms on the QRadar side or gathering collector and/or ise-psc logs on ISE.
