Cisco Support Community

Monitoring ISE node as syslog destination

Hi Security Experts,

We are setting up Cisco ISE (Identity Services Engine) in our network.

I am confused about whether we need to configure the monitoring node IP address as the syslog destination on the access switches. In what situations is this needed and in which situations is it not needed?

PS: I rate useful posts.

Thanks,

Kashish

4 REPLIES

Kashish,

When you look at the user authentication report, ISE also builds related syslog messages that pertain to the user connection.

This isn't mandatory but useful since it does help correlate syslog messages to the user authentication session. Here is an example of it in action:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html#wp1050132

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks Tarik.

So you mean that even if we don't configure monitoring ISE node IP as syslog destination on access switches, even then ISE gives details of user authentication.

Configuring the IP gives us additional details, right?

Thanks,

Kashish

Exactly, ISE will attach the relevant syslog data (if you have it configured) to the report. The RADIUS authentication will still appear no matter what.

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks Tarik. That answers my question.
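
The behaviour described in the two replies above, sketched as an added illustration that is not part of the original thread and not ISE's own logic: switch syslog lines are attached to a RADIUS authentication record when they carry the same session, and a record with no syslog still appears in the report. The records, the log lines, and the matching rule (audit session ID, falling back to MAC address) are constructed assumptions.

```python
import re

# Constructed RADIUS authentication records: present with or without switch syslog.
RADIUS_AUTHS = [
    {"user": "alice", "mac": "0011.2233.4455", "session": "0A0000010000000A0001F3B2", "result": "PASS"},
    {"user": "bob", "mac": "0011.2233.6677", "session": "0A0000010000000B0001F9C4", "result": "FAIL"},
]

# Constructed switch syslog lines in the style of IOS AUTHMGR/DOT1X/EPM messages.
SWITCH_SYSLOG = [
    "<189>101: Jan 10 09:15:01: %AUTHMGR-5-START: Starting 'dot1x' for client (0011.2233.4455) on Interface Gi1/0/1 AuditSessionID 0A0000010000000A0001F3B2",
    "<189>102: Jan 10 09:15:02: %DOT1X-5-SUCCESS: Authentication successful for client (0011.2233.4455) on Interface Gi1/0/1 AuditSessionID 0A0000010000000A0001F3B2",
    "<187>103: Jan 10 09:15:03: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down",
    "<190>104: Jan 10 09:15:04: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0011.2233.4455| AuditSessionID 0A0000010000000A0001F3B2| AUTHTYPE DOT1X| EVENT APPLY",
]

MSG_RE = re.compile(r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)")
SESSION_RE = re.compile(r"AuditSessionID (?P<session>[0-9A-Fa-f]+)")
MAC_RE = re.compile(r"\b(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

def parse_syslog(line):
    """Return tag, session ID and MAC for one line, or None if it is not an IOS message."""
    msg = MSG_RE.search(line)
    if not msg:
        return None
    session = SESSION_RE.search(msg["text"])
    mac = MAC_RE.search(msg["text"])
    return {"tag": msg["tag"],
            "session": session["session"].upper() if session else None,
            "mac": mac["mac"].lower() if mac else None}

def correlate(auths, lines):
    """Attach matching syslog tags to each RADIUS record; unmatched records are kept."""
    events = [e for e in map(parse_syslog, lines) if e]
    report = []
    for auth in auths:
        tags = [e["tag"] for e in events
                if e["session"] == auth["session"].upper()
                or (e["session"] is None and e["mac"] == auth["mac"].lower())]
        report.append({**auth, "syslog": tags})
    return report

if __name__ == "__main__":
    for row in correlate(RADIUS_AUTHS, SWITCH_SYSLOG):
        print(row["user"], row["result"], row["syslog"] or "(no switch syslog received)")
```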
