Remote logging targets and ISE

dgaikwad
Level 5

Hi Experts,

The remote logging target has been configured and the required logging categories are assigned to this remote logging target.
For which ISE node does the syslog port need to be opened on the firewall? Is it going to be port UDP/514 for MnT or PAN?
Since this is a fully distributed deployment, I need some kind of confirmation on the approach.

Any pointers will be helpful.

Accepted Solutions

Milos_Jovanovic
VIP Alumni

Hi @dgaikwad,

You need to allow all ISE nodes to send syslog messages. You can see that in the Cisco ISE Port Reference. You can configure the port and protocol when defining a Remote Logging Target (by default it is UDP/514).

Kind regards,

Milos

3 Replies

balaji.bandi
Hall of Fame

If you are looking to send all logs to syslog, I would add all nodes' IPs in the firewall to allow the syslog port you configured on each device to send logs.

BB


dgaikwad
Level 5

Yes, this configuration makes sense; the ports document shows the same.
As per the design, all the nodes are sending syslog individually to the MnT nodes; thus, if the same copy is to be sent to an external remote logging target, then the ports for all the nodes are to be allowed to the syslog server.
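
The point made in this thread, that every ISE node sends syslog to the remote logging target itself, can be checked against a firewall policy before logs go missing. The following is an added example, not part of the original thread: it assumes a simplified first-match rule table, and all node names, addresses and rules are constructed placeholders.

```python
import ipaddress

# Constructed sample inventory of a distributed deployment (placeholder values).
ISE_NODES = {
    "pan-1": "10.10.1.11",
    "mnt-1": "10.10.1.21",
    "psn-1": "10.10.2.31",
    "psn-2": "10.10.3.32",
}

# Remote logging target as (address, protocol, port); UDP/514 is the default
# mentioned in the thread, the address is a placeholder.
SYSLOG_TARGET = ("10.50.0.5", "udp", 514)

# Simplified first-match rule table (an assumption, not a vendor format):
# (action, source CIDR, destination CIDR, protocol or "any", port or 0 for any)
RULES = [
    ("permit", "10.10.1.0/24", "10.50.0.5/32", "udp", 514),   # PAN/MnT subnet only
    ("permit", "10.10.2.31/32", "10.50.0.5/32", "tcp", 514),  # wrong protocol for psn-1
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", 0),
]


def rule_matches(rule, src, dst, proto, port):
    """Return True if the flow src -> dst proto/port falls inside the rule."""
    _, r_src, r_dst, r_proto, r_port = rule
    return (
        ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
        and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)
        and r_proto in ("any", proto)
        and r_port in (0, port)
    )


def uncovered_nodes(nodes, target, rules):
    """List nodes whose syslog flow to the target is not permitted."""
    dst, proto, port = target
    missing = []
    for name, src in nodes.items():
        # First matching rule decides; no match at all is treated as deny.
        action = next(
            (r[0] for r in rules if rule_matches(r, src, dst, proto, port)), "deny"
        )
        if action != "permit":
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    for name in uncovered_nodes(ISE_NODES, SYSLOG_TARGET, RULES):
        print(f"{name}: syslog to {SYSLOG_TARGET[0]} is not permitted")
```

With the sample policy, the two PSNs are reported: one sits outside the permitted subnet and the other is only allowed over TCP while the target uses UDP.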