Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.
| Product | Samurai [Local] Collector | Samurai [Cloud] Collector |
|---|---|---|
| Cisco Identity Services Engine (ISE) |  |
This guide describes the steps required to configure Cisco Identity Services Engine to send logs to a Samurai Local Collector deployed in your network.
Connectivity Requirements
You must ensure the following connectivity requirements are available:
| Source | Destination | Ports | Description |
|---|---|---|---|
| Cisco ISE | Samurai Local Collector | TCP/514 (syslog) | For log transmission |
Table 1: Connectivity requirements
Configure Syslog
Follow the steps outlined in Remote Logging Target Settings using the following parameters:
| Field Name | Parameter |
|---|---|
| Target Type | TCP Syslog |
| IP Address | IP address of your Samurai Local Collector |
| Port | 514 |
| Maximum Length | 8192 |
| Comply to RFC 3164 | Enabled |
With the following logging categories enabled:
| Logging Category |
|---|
| AAA Audit |
| Failed attempts |
| Passed Authentications |
| Administrative and Operational Audit |
| Posture and Client Provisioning Audit |
| MDM |
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR Application as we auto detect the vendor and product. The only reason you need to use the Samurai MDR Application is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.