Lab Minutes Forum

Technical Discussion => Security => Topic started by: gvoden on June 06, 2016, 01:45:04 PM

Title: Cisco ISE logging to external syslog - distributed deployment
Post by: gvoden on June 06, 2016, 01:45:04 PM
Hi all,

we have a distributed Cisco ISE deployment with 4 PSN's. We have configured logging to external syslog (Splunk) which works fine. The question is, does each PSN send syslog individually, it seems to be the case. And is there a way to configure PSNs in a primary Data Center to log to a local collector and PSNs in recovery Data Center to log to their local collector?
There is no option in the CLI or the GUI, this is ISE 1.4.
Title: Re: Cisco ISE logging to external syslog - distributed deployment
Post by: MC on June 13, 2016, 09:42:09 PM
I believe the each PSN generate their own log and by default send to monitoring node unless you configure external log target. I don't think you can each PSN send syslog to different syslog server though as log target is added globally.