Skip to content

Cisco Identity Services Engine (ISE)

Step 1: Prepare Cisco ISE for Logging

  1. Access the Cisco ISE Administration Console:

  2. Log in to the Cisco ISE web interface using an administrator account.

  3. Configure Logging Settings:

  4. Navigate to Administration > System > Logging > Logging Categories.

  5. Configure the logging categories to ensure the necessary logs (such as RADIUS, TACACS, and Admin logs) are being generated.

  6. Set Up Syslog Targets:

  7. Navigate to Administration > System > Logging > Remote Logging Targets.
  8. Click on Add and choose Syslog as the logging target.
  9. Enter the IP address or hostname of your Cribl instance.
  10. Set the port number to the default syslog port (514) or the custom port configured on Cribl.
  11. Choose the appropriate logging protocol (UDP or TCP). TCP is preferred for reliable delivery.

Step 2: Providing Information to Configure SecurIST

After completing Step 1, please provide the following information to our support team to configure Cribl for receiving and processing Cisco ISE logs:

Syslog Target Details

  1. IP Address or Hostname of Cribl Instance:

  2. The IP address or hostname where Cisco ISE will send the syslog data.

  3. Syslog Port:

  4. The port number configured in Cisco ISE for sending syslog data (default is 514).

  5. Transport Protocol:

  6. The transport protocol used for sending syslog data (UDP or TCP).

Log Source Information

  1. Type of Log Data:

  2. Specify the types of logs being sent (e.g., RADIUS logs, TACACS logs, Admin logs).

  3. Log Format:

  4. The format of the logs being sent (e.g., plain text, JSON).

  5. Specific Identifiers or Tags:

  6. Any specific identifiers or tags used in the logs that will help in categorizing and processing them in Cribl.

Additional Configuration Details

  1. Log Frequency:

  2. The expected frequency or volume of log data being sent (e.g., events per second).

  3. Retention Policy:

  4. Any specific retention policy requirements for the log data in Cribl.

Please send the above details to our support team via an "Onboard Log source request in your SecurIST platform

Getting Help

If you encounter any issues or need assistance during this process, our support team is here to help. You can reach out to us through:

Support Portal: Submit a ticket via our support portal for detailed assistance. Documentation: Refer to our extensive documentation library for troubleshooting and additional guides.

By providing these details, we will be able to configure SecurIST to accept and process Bitdefender logs for your SIEM service.