12-07-2022 07:04 AM
Hi Experts,
The remote logging target has been configured and the required logging categories are assigned to this remote logging target.
For which ISE node does the syslog port need to be opened on the firewall? Is it going to be port UDP/514 for MnT or PAN?
Since this is a fully distributed deployment, I need some kind of confirmation on the approach.
Any pointers will be helpful.
12-08-2022 12:26 AM
Hi @dgaikwad,
You need to allow all ISE nodes to send syslog messages. You can see that in the Cisco ISE Port Reference. You can configure the port and protocol when defining a Remote Logging Target (by default it is UDP/514).
Kind regards,
Milos
12-07-2022 09:21 AM
If you are looking to send all logs to syslog, I would add all nodes' IPs in the firewall to allow the syslog port you configured on each device to send logs.
12-15-2022 02:20 AM
Yes, this configuration makes sense; the ports document shows the same.
As per design, all the nodes are sending syslog individually to MnT nodes; thus, if the same copy is to be sent to an external remote logging target, then the ports for all the nodes are to be allowed to the syslog server.