Solved: Re: Monitor ISE Process through SNMP

sampathss · ‎10-03-2018

Hi,

Is there a way to monitor the following ISE Services through SNMP?

Database Listener
Database Server
Application Server
Profiler Database
ISE Indexing Engine
AD Connector
M&T Session Database
M&T Log Collector
M&T Log Processor

Damien Miller · ‎10-03-2018

If you wish to monitor the status of the processes you listed, you can do so with SNMP traps. The install guide outlines the traps and messages you will see when processes go up/down. The guide is also quite clear that SNMP traps are the method to use as you wont be able to poll for process status.
"ISE does not have any MIB for process status or disk utilization. Cisco ISE uses OID HOST-RESOURCES-MIB::hrSWRunName for sending SNMP trap. You cannot use snmp walk or snmp get command to query the process status or disk utilization."
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011001.html#id_17078

I will also direct you at one of Craigs posts from last year which is still relevant to snmp polling of ISE itself for general information.
https://community.cisco.com/t5/identity-services-engine-ise/monitoring-ise-health-using-snmp-polling/m-p/3429610/highlight/true#M861

View solution in original post

Damien Miller · ‎10-03-2018

If you wish to monitor the status of the processes you listed, you can do so with SNMP traps. The install guide outlines the traps and messages you will see when processes go up/down. The guide is also quite clear that SNMP traps are the method to use as you wont be able to poll for process status.
"ISE does not have any MIB for process status or disk utilization. Cisco ISE uses OID HOST-RESOURCES-MIB::hrSWRunName for sending SNMP trap. You cannot use snmp walk or snmp get command to query the process status or disk utilization."
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011001.html#id_17078

I will also direct you at one of Craigs posts from last year which is still relevant to snmp polling of ISE itself for general information.
https://community.cisco.com/t5/identity-services-engine-ise/monitoring-ise-health-using-snmp-polling/m-p/3429610/highlight/true#M861

sampathss · ‎10-11-2018

Thanks Damien, for the response.

I got the SNMP traps through MIB: hrSWRunName. But this shows only the Running status of the process and not getting anything when the services are stopped. Does it use any other MIB for that?

Thanks

Sampath

Damien Miller · ‎10-11-2018

You won't be able to snmp poll for that, it only uses that mib to trap status change. Two ways I'm aware to get the info is enabling email alerts from the GUI for process down or snmp traps.

sampathss · ‎10-11-2018

I understand that this cannot be achieved through SNMP Polling. Able to see the status Running through the SNMP Traps, but will the it send the traps even when the process is stopped as well?

Sampath

Cory Peterson · ‎10-11-2018

In the document Damien linked it details when traps are sent, the two items in Bold seems to be what you are after:

Cisco ISE sends traps for the following status to the configured SNMP server:

Process Start (monitored state)

Process Stop (not monitored state)

Execution Failed—When the process state changes from “monitored” to “execution failed,” a trap is sent.

Does not exists—When the process state changes from “monitored” to “does not exists,” a trap is sent.

Disk utilization—When a Cisco ISE partition reaches its threshold disk utilization limit (the trap is sent when the configured amount of free space is reached).

sampathss · ‎11-14-2018

It send the traps only when the processes start and not when it's stopped.

Is it probably best to use the built-in alarms for the process stop?