Cisco ISE Monitoring node backup size

Hello All,
We have a HA pair of ISE servers that have scheduled backups configured for the Admin persona (currently full weekly backup) and monitoring, which is full weekly but with the additional incremental daily backups. I've not seen any issue with the full weekly backup of the admin node; however, the monitor one provides unusual results in terms of file size between weekly and incremental backups.
Given the fact that we are currently piloting this with very little radius activity, I'm curious as to how the daily backups can be bigger in file size than the weekly?
The ISE is an ISE-3315-K9 running 1.1.3.124 and below are some examples:
-rw-r--r-- 1 tsmbackup tsmbackup 502960384 Apr 21 07:08 mntincr_1_<removed>.tar.gpg (Incremental backup)
-rw-r--r-- 1 tsmbackup tsmbackup 459348307 Apr 21 01:04 mntdbfull_<removed>.tar.gpg (Full backup)
Thanks in advance for any suggestions.
M

Hi,
This could possibly be due to 'Data Purging'. When a purge operation triggers, if the actual used database disk space is greater than the configured threshold, the purge operation removes all data from the Monitoring database tables prior to the data retention window.
Following link might help in your case,
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_mnt.html#wp1074687

Similar Messages

  • Cisco ISE monitoring Logs

    Hi All,
    I want to back up all the radius logs before upgrading the ISE from 1.0.4 to 1.1.0. I have already taken a backup of application data.
    From GUI under Monitoring Node-->full backup on demand
    1)Is that all for the radius logs?
    2)If I have upgraded to 1.1.0, will the radius logs be lost?
    3)If I want to restore the radius logs in version 1.1.0, can I use the data restore under monitoring node and restore the logs taken from version 1.0.4?
    Please advise
    Thanks

    Duplicate posts.
    Go here: http://supportforums.cisco.com/discussion/12144361/cisco-ise-monitoring-logs

  • Cisco ISE deregister node not available

    Hello,
    I installed two ISE nodes and registered the second node. Yesterday I saw an error message: Sync failed, deregister and register the second node.
    I deregistered the second node and tried to register again, but it did not work. Now, the second node is showing in the first node but I cannot deregister or register again. How can I deregister the second node to register again?

    This seems to be an issue with invalid certificates. Have you already checked the certificates on both sides? Also restart the services of the secondary node once and check again.
    As a next step, we need to look inside ise-psc.logs to further troubleshoot this issue.
    Regards,
    Jatin Katyal
    **Do rate helpful posts**

  • Guest Activity on Cisco ISE

    Is it possible to monitor the web pages visited by a guest using Cisco ISE?

    Hi Gino,
    Yes, you can use the Guest Activity option. The Guest Activity report provides details about the websites that guest users are visiting. You can use this report for security auditing purposes to demonstrate when guest users accessed the network and what they did on it.
    This report is available at: Operations > Reports > Endpoints and Users > Guest Activity.
    To use this report you must first:
    •Enable the passed authentications logging category. Choose Administration > Logging > Logging Categories and select Passed authentications.
    •Enable these options on the firewall used for guest traffic:
    –Inspect HTTP traffic and send data to Cisco ISE Monitoring node. Cisco ISE only requires the IP address and accessed URL for the Guest Activity report so, if possible, limit the data to include just this information.
    –Send syslogs to Cisco ISE Monitoring node
    Please check the below link for further information,
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_guest_pol.html#wp1056645

  • Cisco ISE Dashboard empty

    Dear all,
    This empty dashboard has occurred not within period of two month in which admin node portal just went empty.
    TAC was called the first time and restarted the services, and everything worked fine. But I am curious to know under what circumstances this can happen, with the Primary Admin node Dashboard going blank without notice.
    Any useful help would be appreciated.
    Regards,
    Adeola

    Cisco ISE Monitoring Dashlets Not Visible with Internet Explorer 8
    Symptoms or Issue
    Administrator sees one or more “There is a problem with this website's security certificate.” messages after clicking the dashlets in the Cisco ISE monitoring portal.
    Conditions
    This issue is specific to Internet Explorer 8. (This issue has not been observed when using Mozilla Firefox.)
    Possible Causes
    The security certificate for the Internet Explorer 8 browser connection is invalid or expired.
    Resolution
    Use Internet Explorer 8 to reimport a valid security certificate to view the dashlets appropriately.

  • Cisco ISE Backup

    Hi All
    When I take a backup of primary, just the application backup, it is more than 10GB.
    Is that normal? I noticed there are no purge settings configured. But since this is just application backup, the monitoring logs should be considered under this, right?
    Thanks

    What is the current version of ISE software you are using? Are these backups for Admin or MnT nodes? Did you ever turn on the debug logs while troubleshooting an issue? Anyway, the backup size is pretty large, should be an issue with the huge log files? There is also a manual option to purge from the CLI using "application configure ise".
    Regards,
    Jatin Katyal
    *Do rate helpful posts*

  • Backup of monitor node 1.1.4

    Hi all,
    I'm fairly happy with backups and restoration on the admin node, but not done much with the monitor node.
    I think a while ago, I backed up a monitor node and restored it, and seemed to go ok, apart from the gap in logs while you're actually doing the backup/restore.
    What I want to know and have not seen any documentation on it, is there a decent way of opening and viewing backed up logs. i.e. accessing the massive raw encrypted file that will be saved off to some network drive somewhere?
    I'll give it a try on Monday but not got access to any at the moment.

    Hi,
    For scheduled backups, you can obtain information about the backup, backup events, and status (when the backup was performed, whether it was successful or not, and so on) from the Backup History page.
    Every Cisco ISE administrator account is assigned one or more administrative roles. To perform the operations described in the following procedure, you must have one of the following roles assigned. Super Admin or Monitoring Admin or Helpdesk Admin.
    To view the backup history, complete the following steps:
    Step 1 Choose Operations > Reports > System.
    Step 2 From the System navigation pane on the left, choose Data Management > Administration Node > Backup History.
    The Backup History page provides basic information about the scheduled backups that were run.
    For failed backups, you must run the backup-logs command from the Cisco ISE CLI and look at the ADE.log for more information.
    Note The backup history is stored along with the Cisco ADE operating system configuration data. After an application upgrade, backup history is not lost and the Backup History page lists all the backups that were run. The backup history will be removed only when you reimage the primary administration node.

  • Cisco ISE 1.2 monitoring and Reporting

    Hi Ali
    We're trying to determine how many additional Base licenses we have to purchase in order to be compliant in our Cisco ISE 1.2 platforms (already have 1500 CISE 1.2 Base licenses in production).
    Is there any means of monitoring (e.g. SNMP polling) and getting scheduled reports showing the number of used licenses for a period?
    Looking forward to hearing back from you.

  • Cisco ISE 1.2 - NFS Backup

    I'm trying to use NFS to backup Cisco ISE on a schedule but I'm having difficulty.  I'm not sure what the settings should be or the proper syntax.          

    Hello David,
    Please share your ISE running configuration to find and verify syntax.
    Source or destination URL for an NFS network server. Use url nfs://server:path1.
    Server is the server name and path refers to /subdir/subsubdir. Remember that a colon (:) is required after the server for an NFS network server.
    Also please reverify below required format:
    The path must be valid and must exist at the time you create the repository. The following three fields are required depending on the protocol that you have chosen.
    –ServerName—(Required for TFTP, HTTP, HTTPS, FTP, SFTP, and NFS) Enter the hostname or IPv4 address of the server where you want to create the repository.
    –Username—(Required for FTP, SFTP, and NFS) Enter the username that has write permission to the specified server. Only alphanumeric characters are allowed.
    –Password—(Required for FTP, SFTP, and NFS) Enter the password that will be used to access the specified server. Passwords can consist of the following characters: 0 through 9, a through z, A through Z, -, ., |, @, #, $, %, ^, &, *, (, ), +, and =.

  • Cisco ISE inline posture node Posture assessment query

    Hi all,
    I read the user guide for the ISE 1.1 and in the Inline posture section, I picked up the following text which concerned me if I understand it right...
    "In a deployment, such as outlined in the example, when more endpoints connect to the wireless network
    they are likely to fall into one of the identity groups that already have authenticated and authorized users
    connected to the network.
    For instance, there may be an employee, executive, and guest that have been granted access through the
    outlined steps. This situation means that the respective restrictive or full-access profiles for those ID
    groups have already been installed on the Inline Posture node. The subsequent endpoint authentication
    and authorization uses the existing installed profiles on the Inline Posture node, unless the original
    profiles have been modified at the Cisco ISE policy configuration. In the latter case, the modified profile
    with ACL is downloaded and installed on the Inline Posture node, replacing the previous version."
    Does this mean that if a corporate user VPNs in and successfully passes posture and gets a dACL applied to the session allowing full access, will the next user completely skip posture assessment and granted full access to the network if they are a member of the same AD group?
    I am planning on using the iPEP for posturing VPN clients and using AD groups to determine the correct dACL to apply to a particular VPN session.
    Thanks!
    Mario

    I'm not too familiar with the actual operations of the Inline Posture node, but it seems to me that the only things that are more or less "cached" are the authentication and authorization profiles that have been previously matched. So, even if they're "cached" and an endpoint matches and authorizes based on those policies, it would match on the policy that provides a pre-posture state. So, a PRE-POSTURE ACL would be pushed and a URL redirect would also occur to the NAC agent download portal (if the endpoint doesn't have it already).
    After posture is assessed, a change of authorization would occur and reauthorize that endpoint's session.
    So, in short, even if the profiles are cached, they only deliver pre-posture profiles. After posture assessment, the endpoint goes through reauth via CoA.
    If you have access to the partner education connection, I suggest checking out the VoE deep dive series for ISE. There's a posture presentation that would probably help you out.
    https://communities.cisco.com/docs/DOC-30977
    HTH,
    Ryan

  • Unable to register secondary node on Cisco ISE 1.1.4

    Hello,
    I have a problem with registering the secondary node on Cisco ISE 1.1.4.
    I did everything as described in the User Guide:
    - Primary ISE is promoted to PRIMARY.
    - DNS entries are added and resolved for both ISEs
    - The "Certificate Store" on both ISEs are populated with self-signed certificates from both ISEs.
    During the registration process (from Primary node), when I add the IP, username and password for the secondary node, an empty popup message is displayed with only an "OK" button.
    So, I cannot proceed any further and don't see an error indicating what's wrong.
    In attachment - screenshot with popup message.
    I use IE 8.0.6001.
    The latest patch (1.1.4.218-7-87377) is applied on both ISEs.
    Has anybody had a similar problem?
    Thanks,
    PC

    Hello,
    In the debug logs "ise-psc.log" I see :
    2013-11-11 08:43:47,534 ERROR 2013-11-11 08:43:47,534  [http-443-7][] cpm.admin.infra.action.DeploymentEditAction- An exception occurred during the registration of a deployment node: java.lang.NullPointerException
    java.lang.NullPointerException
    at com.cisco.cpm.admin.infra.action.DeploymentEditAction.registerSubmit(DeploymentEditAction.java:455)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.cisco.webui.action.common.PojoActionProxy.performExecution(PojoActionProxy.java:176)
    at com.cisco.webui.action.common.PojoActionProxy.execute(PojoActionProxy.java:89)
    at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
    at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
    at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.xmp.wap.dojo.servlet.filter.DojoIframeSendFilter.doFilter(DojoIframeSendFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.cpm.admin.infra.utils.WebCleanCacheFilter.doFilter(WebCleanCacheFilter.java:35)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.cpm.rbacfilter.AccessCheckFilter.doFilter(AccessCheckFilter.java:71)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.cpm.admin.infra.utils.UserInfoFilter.doFilter(UserInfoFilter.java:110)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.cpm.admin.infra.utils.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:113)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.cpm.admin.infra.utils.LoginCheckFilter.doFilter(LoginCheckFilter.java:188)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.cisco.cpm.admin.infra.utils.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:121)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
    at org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:316)
    at org.apache.catalina.valves.LocalAddrValve.invoke(LocalAddrValve.java:43)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:394)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.valves.MethodsValve.invoke(MethodsValve.java:52)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)
    2013-11-11 08:44:00,226 INFO  2013-11-11 08:44:00,226  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- editPreload() triggered. Selected hostname is BB1NACEASTP01
    2013-11-11 08:44:00,226 INFO  2013-11-11 08:44:00,226  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- ParameterNames in load()= BB1NACEASTP01
    2013-11-11 08:44:00,226 INFO  2013-11-11 08:44:00,226  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- editPreload(): userName= adminhostname= BB1NACEASTP01
    2013-11-11 08:44:01,017 INFO  2013-11-11 08:44:01,017  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- ParameterNames in load()= BB1NACEASTP01
    2013-11-11 08:44:01,017 INFO  2013-11-11 08:44:01,017  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- Inside load() API : hostNameBB1NACEASTP01 userName : admin
    2013-11-11 08:44:01,017 INFO  2013-11-11 08:44:01,017  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- Inside fetchFile() API : hostName: BB1NACEASTP01 userName : admin
    2013-11-11 08:44:01,018 INFO  2013-11-11 08:44:01,018  [http-443-3][] cpm.admin.infra.action.SupportBundleAction- ParameterNames in sbfCreationPercentage()= BB1NACEASTP01
    2013-11-11 08:44:01,021 INFO  2013-11-11 08:44:01,021  [http-443-3][] cpm.admin.infra.action.SupportBundleAction- Got hostAlias= BB1NACEASTP01
    2013-11-11 08:44:01,021 INFO  2013-11-11 08:44:01,021  [http-443-3][] cpm.admin.infra.action.SupportBundleAction- Ping node: BB1NACEASTP01 for connectivity
    2013-11-11 08:44:01,181 INFO  2013-11-11 08:44:01,181  [http-443-3][] cpm.admin.infra.action.SupportBundleAction- Received pingNode response : Node is reachable

  • ISE admin , PSN and monitoring node fail-over and fall back scenario

    Hi Experts,
    I have a question about ISE failover.
    I have two ISE appliances in two different locations. I am trying to understand the fail-over scenario and fall-back scenario.
    I have gone through the document as well; however, it is still not clear.
    My primary ISE server would have the primary admin role and primary monitoring node, and the secondary ISE would have the secondary admin and secondary monitoring roles.
    In case of primary ISE appliance failure, I will have to log in to the secondary ISE node and make the admin role primary, but what if the primary ISE comes back? What would the scenario be?
    During the primary failure, will there be any impact on users for authentication? As long as a PSN is available from the secondary, it should work... right?
    And what is the actual method to promote the secondary ISE admin node to primary? Do I even have to manually make monitoring node role changes?
    Will I have to reboot the secondary ISE after promoting the admin role to primary?

    We have the same setup across an OTV link and have tested this scenario out multiple times. You don't have to do anything if communication is broken between the primary and secondary nodes. The secondary will automatically start authenticating devices that it is in contact with. If you promote the secondary to primary after the link is broken, it will assume the primary role when the link is restored and force the former primary nodes to secondary.

  • Cisco ISE - line posture node and switch connection.

    I am studying how the Cisco ISE Inline Posture Node works in Bridge Mode. I learned that I need to configure the VLAN mapping between the untrusted and trusted interfaces of the IPN device ( http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_ipep_deploy.html - Figure 10-6).
    Does that mean I can setup a 802.1Q trunk link between the switch port and trusted/untrusted interface on IPN? Is there any vlan mapping entry limitation? Thanks.

    Please review the below link which might also be  helpful:
    http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bea904.shtml

  • Cisco ISE - HP Openview monitoring.

    Hi guys,
    I have a doubt about monitoring Cisco ISE services in the network.
    We can send some alarm notifications to multiple e-mails, but my doubt is whether I can monitor ISE services with network monitoring software like HP Open View.
    I didn't find any documentation about it yet.
    Does anyone know if I can do this?

    Hi Tarik, How are you?
    The doubt is.... my customer has ISE in VMware and he needs to monitor availability for Cisco ISE. The question is: How can I do that? I did found any document informing if I can send snmp traps or something like that to a Monitoring Server.
    About "link down" and "link up", he can monitor the ESX VMware appliance, right?
    There are something that I can do with Cisco ISE. I need to pass an answer to my client if the Cisco ISE can support this kind of configuration.
    Thanks for your help.

  • Backup Job Cisco ISE

    Good afternoon,
    Is it possible to delete/stop a running FullBackupOnDemand-Job in Cisco ISE?

    If you want to delete the backup from the repository, then these are the steps:
    Step 1 Choose Administration > System > Maintenance.
    Step 2 From the Operations navigation pane on the left, click Repository.
    The repositories listing page appears.
    Step 3 Click the radio button next to the repository that you want to delete, then click Delete.
    Cisco ISE prompts you with the following message:
    Are you sure you want to delete this repository?
    Step 4 Click OK to delete the repository.
    The following message appears:
    Repository was deleted successfully.
    The Repository List page appears and the repository that you deleted will no longer be listed in this page
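
A triage helper for the ise-psc.log excerpt quoted in the "Unable to register secondary node on Cisco ISE 1.1.4" thread above. This is an added example, not code from Cisco or from any poster: the entry layout is inferred from the quoted lines, the sample is abridged from them, and the names parse_errors and summarize are hypothetical.

```python
import re
from collections import Counter

# Entry header as it appears in the quoted excerpt (layout inferred from those
# lines, not taken from Cisco documentation):
#   <timestamp> <LEVEL> <timestamp>  [thread][] <logger>- <message>
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\s+"
    r"\[(?P<thread>[^\]]*)\]\[[^\]]*\]\s+(?P<logger>\S+?)-\s+(?P<msg>.*)$"
)
# Java stack frame: "at package.Class.method(File.java:123)"
FRAME = re.compile(r"^at (?P<method>[\w.$<>]+)\((?P<src>[^)]*)\)$")
# Stand-alone exception line: "java.lang.NullPointerException[: detail]"
EXC = re.compile(r"^(?P<exc>(?:[\w$]+\.)+[\w$]*(?:Exception|Error))(?::\s*.*)?$")

# Abridged from the excerpt in the thread (most frames dropped).
SAMPLE = """\
2013-11-11 08:43:47,534 ERROR 2013-11-11 08:43:47,534  [http-443-7][] cpm.admin.infra.action.DeploymentEditAction- An exception occurred during the registration of a deployment node: java.lang.NullPointerException
java.lang.NullPointerException
at com.cisco.cpm.admin.infra.action.DeploymentEditAction.registerSubmit(DeploymentEditAction.java:455)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at com.cisco.webui.action.common.PojoActionProxy.performExecution(PojoActionProxy.java:176)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at java.lang.Thread.run(Unknown Source)
2013-11-11 08:44:00,226 INFO  2013-11-11 08:44:00,226  [http-443-1][] cpm.admin.infra.action.SupportBundleAction- editPreload() triggered. Selected hostname is BB1NACEASTP01
2013-11-11 08:44:01,181 INFO  2013-11-11 08:44:01,181  [http-443-3][] cpm.admin.infra.action.SupportBundleAction- Received pingNode response : Node is reachable
"""


def parse_errors(text, app_prefix="com.cisco."):
    """Return one dict per ERROR entry, with its exception class and the first
    stack frame inside application code (frames starting with app_prefix)."""
    errors, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = ENTRY.match(line)
        if header:
            current = None  # a new entry ends any stack trace in progress
            if header["level"] == "ERROR":
                current = {"ts": header["ts"], "thread": header["thread"],
                           "logger": header["logger"], "message": header["msg"],
                           "exception": None, "origin": None, "frames": 0}
                errors.append(current)
            continue
        if current is None:
            continue  # continuation line of a non-ERROR entry
        frame = FRAME.match(line)
        if frame:
            current["frames"] += 1
            if current["origin"] is None and frame["method"].startswith(app_prefix):
                current["origin"] = f"{frame['method']} ({frame['src']})"
            continue
        exc = EXC.match(line)
        if exc and current["exception"] is None:
            current["exception"] = exc["exc"]
    return errors


def summarize(errors):
    """Count ERROR entries by (exception class, first application frame)."""
    return Counter((e["exception"], e["origin"]) for e in errors)


if __name__ == "__main__":
    for (exc, origin), count in summarize(parse_errors(SAMPLE)).most_common():
        print(f"{count}x {exc} at {origin}")
```

Grouping by the first application frame collapses the servlet and filter frames, so repeated failures of the same operation show up as a single line with a count.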
