Remote logging targets and ISE

dgaikwad
Contributor

Hi Experts,

The remote logging target has been configured and the required logging categories are assigned to this remote logging target.
For which ISE node does the syslog port need to be opened on the firewall? Is it going to be port UDP/514 for MnT or PAN?
Since this is a fully distributed deployment, I need some kind of confirmation on the approach.

Any pointers will be helpful.

Accepted Solutions

Milos_Jovanovic
Engager

Hi @dgaikwad,

You need to allow all ISE nodes to send syslog messages. You can see that in the Cisco ISE Port Reference. You can configure the port and protocol when defining the Remote Logging Target (by default it is UDP/514).

Kind regards,

Milos

3 Replies

balaji.bandi
VIP Community Legend

If you are looking to send all logs to syslog, I would add all the nodes' IPs in the firewall to allow the syslog port you configured on each device to send logs.

BB

dgaikwad
Contributor

Yes, this configuration makes sense; the ports document shows the same.
As per the design, all the nodes are sending syslog individually to the MnT nodes, thus if the same copy is to be sent to an external remote logging target, then the ports for all the nodes are to be allowed to the syslog server.
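
A rule-coverage check for the point made in the replies above, that every ISE node sends syslog to the remote logging target itself. This is an added example, not part of the original thread: the node names, addresses and rule tuples are constructed, and the protocol and port default to the UDP/514 mentioned in the thread.

```python
import ipaddress

# Constructed inventory for a distributed deployment (documentation-range IPs).
ISE_NODES = {
    "pan-1": "192.0.2.10",
    "mnt-1": "192.0.2.20",
    "psn-1": "192.0.2.31",
    "psn-2": "192.0.2.32",
}

# Constructed firewall allow rules: (source CIDR, destination CIDR, protocol, port).
SYSLOG_TARGET = "198.51.100.5"
RULES = [
    ("192.0.2.10/32", "198.51.100.5/32", "udp", 514),  # PAN
    ("192.0.2.20/32", "198.51.100.5/32", "udp", 514),  # MnT
    ("192.0.2.32/32", "198.51.100.5/32", "tcp", 514),  # PSN-2, wrong protocol
]


def uncovered_nodes(nodes, rules, target, proto="udp", port=514):
    """Return sorted names of nodes with no allow rule to target on proto/port."""
    target_ip = ipaddress.ip_address(target)
    missing = []
    for name, addr in nodes.items():
        src = ipaddress.ip_address(addr)
        allowed = any(
            src in ipaddress.ip_network(r_src, strict=False)
            and target_ip in ipaddress.ip_network(r_dst, strict=False)
            and r_proto.lower() == proto.lower()
            and r_port == port
            for r_src, r_dst, r_proto, r_port in rules
        )
        if not allowed:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    # A rule set that only admits PAN and MnT leaves the PSNs' copies dropped.
    for node in uncovered_nodes(ISE_NODES, RULES, SYSLOG_TARGET):
        print(f"no syslog path to {SYSLOG_TARGET} for {node}")
```

Pass the protocol and port actually set on the Remote Logging Target if they differ from the default.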
