Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
0
Helpful
2
Replies

ISE offloading syslogs real time to MARS

bob.bartlett
Level 1
Level 1

‎04-30-2013 04:30 PM - edited ‎03-10-2019 08:22 PM

I am working on my implementation of ISE and I want to offload real time logs from ISE to MARS.  Is this possible and is there anything special that is needed to perform this?                  

Labels:
0 Helpful
2 Replies 2

Octavian Szolga
Level 4
Level 4

‎05-01-2013 12:55 PM

ISE can export all the logs you want in syslog format.

Check http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_logging.html#wpxref47217

0 Helpful

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎05-21-2013 02:36 AM

To collect logs externally, you configure external syslog servers, called targets.Logging targets are locations where the system logs are collected. In Cisco ISE, targets refer to the IP addresses of the servers that collect and store logs. You can generate and store logs locally, or you can FTP them to an external server. Cisco ISE has the following default targets, which are dynamically configured in the loopback addresses of the local system:

•LogCollector—Default syslog target for the Log Collector.

•ProfilerRadiusProbe—Default syslog target for the Profiler Radius Probe.

To create an external logging target, complete the following steps:

--------------------------------------------------------------------------------

Step 1 From the ISE Administration Interface, choose Administration > System > Logging > Remote Logging Targets.

The Remote Logging Targets page appears.

Click Add.

Step 2 The Log Collector page appears.

Step 3 Configure the following fields:

a. Name—Enter the name of the new target.

b. Target Type—By default it is set to Syslog. The value of this field cannot be changed.

c. Description— Enter a brief description of the new target.

d. IP Address—Enter the IP address of the destination machine where you want to store the logs.

e. Port—Enter the port number of the destination machine.

f. Facility Code—Choose the syslog facility code to be used for logging. Valid options are Local0 through Local7.

g. Maximum Length— Enter the maximum length of the remote log target messages. Valid options are from 200 to 1024 bytes.

Step 4 Click Save.

0 Helpful
Customers Also Viewed These Support Documents