Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
2
Helpful
1
Replies

Need help to understand ISE MnT node source of log feeding

Go to solution
rezaalikhani
Spotlight
Spotlight

‎08-24-2023 12:42 PM - edited ‎08-24-2023 12:43 PM

Hi all;

consider the following figure, captured from "Designing ISE for Scale & High Availability" Cisco Live session in 2018:

1.png

As you can see, it mentions that NADs and ASAs can directly send SYSLOG messages to MnT nodes! (as far as I know, MnT nodes can only process SYSLOG messages from PSNs and PANs...)

Can anyone confirm that?

 

1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-24-2023 03:59 PM

Technically the MnT can collect these logs, but it's not best practice to do so.
Sending syslog from the NADs was only ever intended as a temporary solution for troubleshooting. I don't believe the log correlation from the ASA is still a thing.

In general, we would recommend sending syslog from various NADs, Firewalls, and ISE nodes to a SIEM (like Splunk) for correlation and reporting (especially for historical logging)

View solution in original post

1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-24-2023 03:59 PM

Technically the MnT can collect these logs, but it's not best practice to do so.
Sending syslog from the NADs was only ever intended as a temporary solution for troubleshooting. I don't believe the log correlation from the ASA is still a thing.

In general, we would recommend sending syslog from various NADs, Firewalls, and ISE nodes to a SIEM (like Splunk) for correlation and reporting (especially for historical logging)

Customers Also Viewed These Support Documents