The Cisco NAC DSM for JSA accepts events by using syslog.
JSA records all relevant audit, error, failure events, quarantine, and infected system events. Before you configure a Cisco NAC device in JSA, you must configure your device to forward syslog events.
Configuring Cisco NAC to Forward Events
You can configure Cisco NAC to forward syslog events:
- Log in to the Cisco NAC user interface.
- In the Monitoring section, select Event Logs.
- Click the Syslog Settings tab.
- In the Syslog Server Address field, type the IP address of your JSA.
- In the Syslog Server Port field, type the syslog port number. The default is 514.
- In the System Health Log Interval field, type the frequency, in minutes, for system statistic log events.
- Click Update.
You are now ready to configure the log source in JSA.
Syslog Log Source Parameters for Cisco NAC
If JSA does not automatically detect the log source, add a Cisco NAC log source on the JSA Console by using the syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect syslog events from Cisco NAC:
Table 1: Syslog Log Source Parameters for the Cisco NAC DSM
Log Source type
Cisco NAC appliance
Log Source Identifier
Type the IP address or host name for the log source.
The identifier helps you determine which events came from your Cisco NAC device.