The Cisco NAC DSM for JSA accepts events by using syslog.
JSA records all relevant audit, error, failure events, quarantine, and infected system events. Before you configure a Cisco NAC device in JSA, you must configure your device to forward syslog events.
Configuring Cisco NAC to Forward Events
You can configure Cisco NAC to forward syslog events:
- Log in to the Cisco NAC user interface.
- In the Monitoring section, select Event Logs.
- Click the Syslog Settings tab.
- In the Syslog Server Address field, type the IP address of your JSA.
- In the Syslog Server Port field, type the syslog port number. The default is 514.
- In the System Health Log Interval field, type the frequency, in minutes, for system statistic log events.
- Click Update.
You are now ready to configure the log source in JSA.
Configuring a Log Source
To integrate Cisco NAC events with JSA, you must manually create a log source to receive Cisco NAC events
JSA does not automatically discover or create log sources for syslog events from Cisco NAC appliances.
- Log in to JSA.
- Click the Admin tab.
- On the navigation menu, click Data Sources.
- Click the Log Sources icon.
- Click Add.
- In the Log Source Name field, type a name for your log source.
- In the Log Source Description field, type a description for the log source.
- From the Log Source Type list, select Cisco NAC Appliance.
- Using the Protocol Configuration list, select Syslog.
- Configure the following values:
Table 1: Syslog Protocol Parameters
Log Source Identifier
Type the IP address or host name for the log source as an identifier for events from your Cisco NAC appliance.
- Click Save.
- On the Admin tab, click Deploy Changes.
The log source is added to JSA. Events that are forwarded to JSA by Cisco NAC are displayed on the Log Activity tab.