Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1216
Views
5
Helpful
1
Replies

External Syslog in ISE

Neelesh Marathe
Cisco Employee
Cisco Employee

‎07-30-2018 10:37 AM

Hello Team,

 

I am working with India's largest bank for ISE Implementation. Bank has total 18 nodes installed across two locations. We have configured IBM QRADAR as external syslog server. Syslog team is receiving logs from all the PSNs however they are not seeing any logs from Monitoring and Admin node. Based on their observation, bank has raised following queries

 

1. Does Admin and MnT node sends log to external server? if yes, which types of logs are being sent by MnT and Admin node?

2. Is it possible to send logs only from monitoring node to external syslog server instead of all PSN sending logs to server?

 

Thanks,

Neelesh Marathe

0 Helpful
1 Reply 1

Timothy Abbott
Cisco Employee
Cisco Employee

‎07-30-2018 11:03 AM

Admin and MnT nodes can send syslog data to a remote target but only for logs that apply to their specific function in a deployment.  You will see the bulk of logging events being sent from the PSNs because they handle endpoint authentications.  If you want health data or operational information from the Admin and MnT nodes, you will want to include the remote target for those particular categories.  Just keep in mind that you will also get the same information from the PSNs since logging is a global setting in a deployment.  To my knowledge, you can't have the MnT send logs on behalf of the PSNs.  Hope this helps.

 

Regards,

Tim

Customers Also Viewed These Support Documents