Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1194
Views
0
Helpful
4
Replies

Monitoring ISE node as syslog destination

Go to solution
Kashish_Patel
Level 2
Level 2

‎07-17-2012 08:32 PM - edited ‎03-10-2019 07:18 PM

Hi Security Experts,

We are setting up Cisco ISE (Identity Services Engine) in our network.

I have the confusion if we need to configure monitoring node IP address as the syslog destination on the access switches. In what situations is this needed and in which situations is it not needed?

PS: I rate useful posts.

Thanks,

Kashish

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎07-17-2012 08:37 PM

Kashish,

When you look at the user authentication report, ISE also builds related syslog messages that pertain to the user connection.

This isnt mandatory but useful since it does help correlate syslog messages to the user authentication session. Here is an example of it in action:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html#wp1050132

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to Kashish_Patel

‎07-17-2012 09:22 PM

Exactly, ISE will attached the relevant syslog data (if you have it configured) to the report. The radius authentication will still appear no matter what.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎07-17-2012 08:37 PM

Kashish,

When you look at the user authentication report, ISE also builds related syslog messages that pertain to the user connection.

This isnt mandatory but useful since it does help correlate syslog messages to the user authentication session. Here is an example of it in action:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html#wp1050132

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Go to solution
Kashish_Patel
Level 2
Level 2
In response to Tarik Admani

‎07-17-2012 09:00 PM

Thanks Tarik.

So you mean that even if we don't configure monitoring ISE node IP as syslog destination on access switches, even then ISE gives details of user authentication.

Configuring the IP gives us additional details, right?

Thanks,

Kashish

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to Kashish_Patel

‎07-17-2012 09:22 PM

Exactly, ISE will attached the relevant syslog data (if you have it configured) to the report. The radius authentication will still appear no matter what.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Go to solution
Kashish_Patel
Level 2
Level 2
In response to Tarik Admani

‎07-17-2012 09:35 PM

Thanks Tarik. That answers my question.

0 Helpful
Customers Also Viewed These Support Documents