cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

111
Views
0
Helpful
5
Replies
Highlighted
Beginner

Sending logs to MnT nodes

Hello,

 

At some Cisco talk, I've heard that sending WLC, ASA, or switches logs to the MnT is recommended for richer visibility. What are the real benefits of this and what new information can ISE take from these logs? Will not impact on the MnT node performance?

 

Regards.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Sending logs to MnT nodes

There is small benefit as admin can see the logs from the switches without having to login to each switch. ISE merges the syslog event from the switch with live log. But this is not recommended beyond the pilot stage of the ISE deployment as it impacts ISE load as well as issues with session tracking. Aside from the switch, if ASA sends web access events to MnT, ISE can correlate guest users with web access events from the ASA for guest access log. If using guest access event correlation, make sure to configure ASA to only send web access event as not to overload the MnT node.

5 REPLIES 5
Cisco Employee

Re: Sending logs to MnT nodes

Which cisco live?

This is only for troubleshooting purposes. Please see cisco live information for ISE performance and scale at it says it there under the training links for BRKSEC-3432
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-118574828



For long term rich logs look into Cisco DNA Assurance and/or splunk
Beginner

Re: Sending logs to MnT nodes

Thank you Jason,

 

It was at some partner training. I will skip this for the moment then.

 

regards.

Beginner

Re: Sending logs to MnT nodes

Thank you Jason,

 

It was at some partner training. I will skip this for the moment then.

 

regards.

Everyone's tags (1)
Cisco Employee

Re: Sending logs to MnT nodes

Can you please share the info with me directly at jakunst@cisco.com
Cisco Employee

Re: Sending logs to MnT nodes

There is small benefit as admin can see the logs from the switches without having to login to each switch. ISE merges the syslog event from the switch with live log. But this is not recommended beyond the pilot stage of the ISE deployment as it impacts ISE load as well as issues with session tracking. Aside from the switch, if ASA sends web access events to MnT, ISE can correlate guest users with web access events from the ASA for guest access log. If using guest access event correlation, make sure to configure ASA to only send web access event as not to overload the MnT node.