Contributor

Data retention.

Hi there, I am trying to understand how to ensure I retain data for my ISE deployment over the long term (let's assume 2 years).

I can see a couple of options, but not sure if I am missing some other methods.....

Option 1 - configure a remote logging (syslog) server and send all RADIUS/TACACS logs to this remote syslog server (as well as the local log collector on ISE)

Option 2 - under operational data purging there is an export repository. How does this work? It wasn't clear from documentation but I assume when data is purged it is sent to the repository I selected, i.e. if set to 30 days, logs remain only on the ISE node for up to 30 days, at which point they are exported to my repository and deleted from ISE disk? In addition, you can only export to an FTP server - is that right?

Some clarification on the above would be much appreciated, plus any other options that I may have missed.

Thanks

Darren

Cisco Employee

Re: Data retention.

Option 1 is what we usually recommend. ISE M&T data is geared for session tracking and troubleshooting but not much for long-term data retention.

As to Option 2,

ISE will export the RADIUS and TACACS data in CSV format to an external repository before purging data. This data will be protected with an encryption key.

You may also see it in Slide 22 of Designing ISE for Scale and High Availability (2017 Melbourne)

Another option is to schedule reports, which will save results in the repositories.