Solved: Re: Remote logging targets and ISE

dgaikwad · ‎12-07-2022

Hi Experts,

The remote logging targets has been configured and required logging categories are assigned to this remote logging target.
For which ISE node is the syslog port needs to be opened on firewall? Its going to be port UDP/514 for MnT or PAN?
Since, this is a fully distributed deployment need some kind of confirmation on the approach.

Any pointers will be helpful.

Milos_Jovanovic · ‎12-08-2022

Hi @dgaikwad,

You need to allow all ISE nodes to send syslog messages. You can see that in Cisco ISE Port Reference. You can configure port and protocol when defining Remote Logging Target (by default it is UDP/514).

Kind regards,

Milos

View solution in original post

balaji.bandi · ‎12-07-2022

If you looking to send all logs to syslog, i would add all nodes IP in Firewall to allow syslog port you configured on each device to send logs.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Milos_Jovanovic · ‎12-08-2022

Hi @dgaikwad,

You need to allow all ISE nodes to send syslog messages. You can see that in Cisco ISE Port Reference. You can configure port and protocol when defining Remote Logging Target (by default it is UDP/514).

Kind regards,

Milos

dgaikwad · ‎12-15-2022

Yes, this configuration makes sense, the ports document shows the same.
As per design all the nodes are sending syslog individually to MnT nodes, thus if the same copy us to be sent to external remote logging target then the ports for all the nodes are to be allowed to syslog server.