ISE Reporting / Audit

TraffB · ‎07-09-2024

Hello,

I am looking for some advice on how to run a particular type of report / audit within ISE. For some backstory, we are experiencing some issues with high CPU & Memory. We are also finding there is a lot of latency within the database.

We currently have around 220K endpoints within ISE, while only around 11K endpoints active at any one time.

I was hoping to be able to run an audit and find out how many devices we have that haven't registered for a given time period, say 90 days.

I have been on Dashboard > Operations > Reports but cannot find any section that fits my requirements.

advice is greatly appreciated!

(apologies if this in the wrong community, i could not find anything for ISE!)

MHM Cisco World · ‎07-09-2024

try

operation>reports>endpoints and users> currect active session

MHM

TraffB · ‎07-09-2024

I did try here earlier with the advanced filters, to try and narrow it down to devices that had not registered. Unfortunately, the filter doesn't allow this.

I would have thought this would be possible under operation>reports>endpoints and users>registered endpoints - sadly it is not.

klnnnnng · ‎07-09-2024

Hi @TraffB,

what kind of deployment and machines are you running?

Have you checked the Reports - > Key Performance Metrics to see what is the request distribution over the nodes or maybe Top N Authentication by Failure Reason?

Be awere that by default ISE keeps the logs for 30 days.

Regards

TraffB · ‎07-09-2024

Hello @klnnnnng - It wasn't a case of seeing why endpoints had been rejected, it was more to see the last active endpoints.

For example, we have recently swapped out thousands of IP phones, however the MAC's were not removed from the identity group. By being able to see devices that have been inactive for over 90 days, we would then be able to purge these