https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653212#M576254 <P>We found this thread: <A href="https://community.cisco.com/t5/network-access-control/ise-operational-backup-content/td-p/4184440" target="_blank">https://community.cisco.com/t5/network-access-control/ise-operational-backup-content/td-p/4184440</A>&nbsp; where it indicates that the Operational Data Backup contained basically RADIUS and TACACS logs.</P><P>We log most RADIUS and TACACS data to syslog from ISE already, which means that the backups are potentially quite a bit of redundant data, and excess storage usage.</P><P>What logging options on ISE would allow us to log all the operational data to syslog and then not worry about the operational data backup at all?&nbsp; Is that even possible?</P><P>We fully understand that sysylog will require different talents to generate reports than the GUI, but we already have talent in shop and would only need to determine the various record layouts.</P><P>ISE v3.1+ patches</P> Tue, 19 Jul 2022 17:03:41 GMT wags 2022-07-19T17:03:41Z https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653212#M576254 <P>We found this thread: <A href="https://community.cisco.com/t5/network-access-control/ise-operational-backup-content/td-p/4184440" target="_blank">https://community.cisco.com/t5/network-access-control/ise-operational-backup-content/td-p/4184440</A>&nbsp; where it indicates that the Operational Data Backup contained basically RADIUS and TACACS logs.</P><P>We log most RADIUS and TACACS data to syslog from ISE already, which means that the backups are potentially quite a bit of redundant data, and excess storage usage.</P><P>What logging options on ISE would allow us to log all the operational data to syslog and then not worry about the operational data backup at all?&nbsp; Is that even possible?</P><P>We fully understand that sysylog will require different talents to generate reports than the GUI, but we already have talent in shop and would only need to determine the various record layouts.</P><P>ISE v3.1+ patches</P> Tue, 19 Jul 2022 17:03:41 GMT https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653212#M576254 wags 2022-07-19T17:03:41Z https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653228#M576255 <P>This is pretty easy to do and done quite frequently. It won't be done as a backup but as a new syslog exporter.</P> <OL> <LI>Create a new remote logging target here&nbsp;<A href="https://&lt;your" target="_blank">https://&lt;your-</A>ise-node&gt;/admin/#administration/administration_system/administration_system_logging/remote_log<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rlt.JPG" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/157570iEDA5CAEC21BE9637/image-size/large?v=v2&amp;px=999" role="button" title="rlt.JPG" alt="rlt.JPG" /></span><BR /><BR /></LI> <LI>Add the new syslog target to the logging categories here&nbsp;<A href="https://your-ise-node/admin/#administration/administration_system/administration_system_logging/logging_categories" target="_blank">https://your-ise-node/admin/#administration/administration_system/administration_system_logging/logging_categories</A><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="lc.JPG" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/157573i11DE55A38B8543B3/image-size/large?v=v2&amp;px=999" role="button" title="lc.JPG" alt="lc.JPG" /></span><BR /><BR />Depending on what you want to report from the syslog server you will need to enable those logging categories for export. To start you would probably want aaa authentication failed and passed, aaa radius and tacacs accounting as that's the primary data found within the operational backup.&nbsp;</LI> </OL> Tue, 19 Jul 2022 17:25:26 GMT https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653228#M576255 Damien Miller 2022-07-19T17:25:26Z https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653240#M576256 <P>Thanks for the reply!&nbsp; &nbsp;Do you know where there might be specific Cisco documentation?&nbsp; Something that we can point to for an auditor who might think differently about the subject?</P><P>We have those already set up because we have historically used syslog so heavily. Again thanks!</P> Tue, 19 Jul 2022 17:44:13 GMT https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653240#M576256 wags 2022-07-19T17:44:13Z https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653355#M576262 <P class="lia-align-justify">Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/320848">@wags</a>&nbsp;,</P> <P class="lia-align-justify">&nbsp;please try the following: <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_maintain_monitor.html#reference_BAFBA5FA046A45938810A5DF04C00591" target="_blank" rel="noopener">Cisco ISE Maintain and Monitor</A>, search for <STRONG>Cisco ISE Logging Mechanism</STRONG>.</P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">Hope this helps !!!</P> Tue, 19 Jul 2022 22:47:32 GMT https://community.cisco.com/t5/network-access-control/ise-operational-backup-content-to-syslog-instead-of-backups/m-p/4653355#M576262 Marcelo Morais 2022-07-19T22:47:32Z