Cisco NAC

The Cisco NAC DSM for JSA accepts events by using syslog.

JSA records all relevant audit, error, failure events, quarantine, and infected system events. Before you configure a Cisco NAC device in JSA, you must configure your device to forward syslog events.

Configuring Cisco NAC to Forward Events

You can configure Cisco NAC to forward syslog events:

1. Log in to the Cisco NAC user interface.
2. In the Monitoring section, select Event Logs.
3. Click the Syslog Settings tab.
4. In the Syslog Server Address field, type the IP address of your JSA.
5. In the Syslog Server Port field, type the syslog port number. The default is 514.
6. In the System Health Log Interval field, type the frequency, in minutes, for system statistic log events.
7. Click Update.

   You are now ready to configure the log source in JSA.

Configuring a Log Source

To integrate Cisco NAC events with JSA, you must manually create a log source to receive Cisco NAC events

JSA does not automatically discover or create log sources for syslog events from Cisco NAC appliances.

1. Log in to JSA.
2. Click the Admin tab.
3. On the navigation menu, click Data Sources.
4. Click the Log Sources icon.
5. Click Add.
6. In the Log Source Name field, type a name for your log source.
7. In the Log Source Description field, type a description for the log source.
8. From the Log Source Type list, select Cisco NAC Appliance.
9. Using the Protocol Configuration list, select Syslog.
10. Configure the following values:

    Table 1: Syslog Protocol Parameters

    Parameter	Description
    Log Source Identifier	Type the IP address or host name for the log source as an identifier for events from your Cisco NAC appliance.

11. Click Save.
12. On the Admin tab, click Deploy Changes.

    The log source is added to JSA. Events that are forwarded to JSA by Cisco NAC are displayed on the Log Activity tab.