Configuring a remote logging target in Cisco ISE
To forward syslog events to IBM® QRadar®, you must configure your Cisco ISE appliance with a remote logging target.
- Log in to your Cisco ISE Administration Interface.
- From the navigation menu, select .
Click Add, and then configure the following parameters:
Option Description Name Type a unique name for the remote target system. Description You can uniquely identify the target system for users. IP Address Type the IP address of the QRadar Console or Event Collector. Port Type 517 or use the port value that you specified in your Cisco ISE log source for QRadar Facility Code From the Facility Code list, select the syslog facility to use for logging events. Maximum Length Type 1024 as the maximum packet length allowed for the UDP syslog message.
- Click Submit.
Configure the logging categories that are forwarded by Cisco ISE to QRadar.