Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
0
Helpful
5
Replies

Sending logs to MnT nodes

Go to solution
Antonio Macia
Level 3
Level 3

‎06-26-2019 08:24 AM

Hello,

 

At some Cisco talk, I've heard that sending WLC, ASA, or switches logs to the MnT is recommended for richer visibility. What are the real benefits of this and what new information can ISE take from these logs? Will not impact on the MnT node performance?

 

Regards.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-29-2019 09:06 AM

There is small benefit as admin can see the logs from the switches without having to login to each switch. ISE merges the syslog event from the switch with live log. But this is not recommended beyond the pilot stage of the ISE deployment as it impacts ISE load as well as issues with session tracking. Aside from the switch, if ASA sends web access events to MnT, ISE can correlate guest users with web access events from the ASA for guest access log. If using guest access event correlation, make sure to configure ASA to only send web access event as not to overload the MnT node.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-26-2019 08:37 AM

Which cisco live?

This is only for troubleshooting purposes. Please see cisco live information for ISE performance and scale at it says it there under the training links for BRKSEC-3432
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-118574828



For long term rich logs look into Cisco DNA Assurance and/or splunk
0 Helpful

Go to solution
Antonio Macia
Level 3
Level 3
In response to Jason Kunst

‎06-26-2019 11:53 PM

Thank you Jason,

 

It was at some partner training. I will skip this for the moment then.

 

regards.

0 Helpful

Go to solution
Antonio Macia
Level 3
Level 3
In response to Jason Kunst

‎06-26-2019 11:53 PM

Thank you Jason,

 

It was at some partner training. I will skip this for the moment then.

 

regards.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Antonio Macia

‎06-27-2019 11:21 AM

Can you please share the info with me directly at jakunst@cisco.com
0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-29-2019 09:06 AM

There is small benefit as admin can see the logs from the switches without having to login to each switch. ISE merges the syslog event from the switch with live log. But this is not recommended beyond the pilot stage of the ISE deployment as it impacts ISE load as well as issues with session tracking. Aside from the switch, if ASA sends web access events to MnT, ISE can correlate guest users with web access events from the ASA for guest access log. If using guest access event correlation, make sure to configure ASA to only send web access event as not to overload the MnT node.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents