Hi paul1gilbert
Two things here:
1. You need to increase the size of the buffer that sends Cisco ISE to the LEM. I unfortunately do not have a handy screenshot from Cisco's console to show you (If you do this it would be great if you shared a screenshot). Make the buffer of what is sent via syslog as large as possible. The reason for this is the Cisco did not stay within the 1024 RFC for syslog and as such it breaks all the lines up separately which makes it a pure pain to pull them all back together. Once you get that changed then you move onto the second item.
2. In this situation I would configure Cisco ISE by hand instead of doing a scan for new nodes. it will be quicker since you already know you have a Cisco ISE. Otherwise what you are doing is sending a sample of log lines through every single connector to figure out which one it might match.
Also look at checklogs from the cmc to see if the logs are actually getting to local6
Hope that helps out.