To forward syslog events to IBM
QRadar, you must configure your
Cisco ISE appliance with a remote logging target.
Procedure
-
Log in to your Cisco ISE Administration Interface.
-
From the navigation menu, select .
-
Click Add, and then configure the following parameters:
| Option |
Description |
|---|
| Name |
Type a unique name for the remote target system. |
| Description |
You can uniquely identify the target system for users. |
| IP Address |
Type the IP address of the QRadar
Console or Event Collector. |
| Port |
Type 517 or use the port value that you specified in your Cisco ISE
log source for QRadar |
| Facility Code |
From the Facility Code list, select the syslog facility to use for
logging events. |
| Maximum Length |
Type 1024 as the maximum packet length allowed for the UDP syslog
message. |
-
Click Submit.
What to do next
Configure the logging categories that are forwarded by Cisco ISE to QRadar.