12-07-2022 07:04 AM
Hi Experts,
The remote logging target has been configured and the required logging categories are assigned to this remote logging target.
For which ISE node does the syslog port need to be opened on the firewall? Is it going to be port UDP/514 for MnT or PAN?
Since this is a fully distributed deployment, I need some kind of confirmation on the approach.
Any pointers will be helpful.
12-07-2022 09:21 AM
If you are looking to send all logs to syslog, I would add all nodes' IPs in the firewall to allow the syslog port you configured on each device to send logs.
12-08-2022 12:26 AM
Hi @dgaikwad,
You need to allow all ISE nodes to send syslog messages. You can see that in the Cisco ISE Port Reference. You can configure the port and protocol when defining the Remote Logging Target (by default it is UDP/514).
Kind regards,
Milos
12-15-2022 02:20 AM
Yes, this configuration makes sense; the ports document shows the same.
As per design, all the nodes are sending syslog individually to the MnT nodes; thus, if the same copy is to be sent to an external remote logging target, then the ports for all the nodes are to be allowed to the syslog server.
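Added example, not part of the thread or of Cisco's tooling: a check run on the syslog server, in place of the collector for a few minutes, that reports which ISE nodes' syslog actually arrives once the firewall rules are in. The node names and addresses are constructed placeholders, and UDP/514 is assumed because the thread gives it as the default.

```python
"""Check on the syslog server that every ISE node's syslog gets through the firewall."""
import socket
import time


def collect_sources(sock, duration):
    """Receive datagrams for `duration` seconds; return {source_ip: datagram_count}."""
    seen = {}
    deadline = time.monotonic() + duration
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            _data, (src_ip, _port) = sock.recvfrom(8192)
        except socket.timeout:
            break
        seen[src_ip] = seen.get(src_ip, 0) + 1
    return seen


def coverage(expected_nodes, seen):
    """Compare the senders seen against the expected node list.

    Returns (missing, unexpected): node names that sent nothing (check the firewall
    rule and the node's logging categories) and sender IPs not in the node list.
    """
    expected_ips = set(expected_nodes.values())
    missing = sorted(name for name, ip in expected_nodes.items() if ip not in seen)
    unexpected = sorted(ip for ip in seen if ip not in expected_ips)
    return missing, unexpected


if __name__ == "__main__":
    # Constructed node list (documentation addresses); replace with the deployment's own.
    ISE_NODES = {"pan-1": "192.0.2.11", "mnt-1": "192.0.2.21", "psn-1": "192.0.2.31"}
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("0.0.0.0", 514))  # assumed default UDP/514; binding needs root
    missing, unexpected = coverage(ISE_NODES, collect_sources(listener, 300))
    print("no syslog received from:", missing or "none")
    print("senders not in node list:", unexpected or "none")
```

A node that logs nothing during the window also shows up as missing, and NAT between the nodes and the syslog server changes the source address the check sees.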