Cisco Identity Services Engine (ISE)

Samurai [Local] CollectorSamurai [Cloud] Collector
Picture1.svg

This guide describes the steps required to configure Cisco Identity Services Engine to send logs to a Samurai Local Collector deployed in your network.

Connectivity Requirements

You must ensure the following connectivity requirements are available:

SourceDestinationPortsDescription
Cisco ISESamurai Local CollectorTCP/514 (syslog)For log transmission

Table 1: Connectivity requirements

Configure Syslog

Follow the steps outlined in Remote Logging Target Settings using the following parameters:

Field NameParameter
Target TypeTCP Syslog
IP AddressIP address of your Samurai Local Collector
Port514
Maximum Length8192
Comply to RFC 3164Enabled

With the following logging categories enabled:

Logging Category
AAA Audit
Failed attempts
Passed Authentications
Administrative and Operational Audit
Posture and Client Provisioning Audit
MDM

For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.