Configuring a remote logging target in Cisco ISE

To forward syslog events to IBM® QRadar®, you must configure your Cisco ISE appliance with a remote logging target.


  1. Log in to your Cisco ISE Administration Interface.
  2. From the navigation menu, select Administration > System > Logging > Remote Logging Targets.
  3. Click Add, and then configure the following parameters:
    Option Description
    Name Type a unique name for the remote target system.
    Description You can uniquely identify the target system for users.
    IP Address Type the IP address of the QRadar Console or Event Collector.
    Port Type 517 or use the port value that you specified in your Cisco ISE log source for QRadar
    Facility Code From the Facility Code list, select the syslog facility to use for logging events.
    Maximum Length Type 1024 as the maximum packet length allowed for the UDP syslog message.
  4. Click Submit.

What to do next

Configure the logging categories that are forwarded by Cisco ISE to QRadar.