Re: Backup of monitor node 1.1.4

bikespace · ‎08-03-2013

Hi all,

I'm fairly happy with backups and restoration on the admin node, but not done much with the monitor node.
I think a while ago, I backed up a monitor node and restored it, and seemed to go ok, apart from the gap in logs while you're actually doing the backup/restore.

What I want to know and have not seen any documentation on it, is there a decent way of opening and viewing backed up logs. i.e. accessing the massive raw encrypted file that will be saved off to some network drive somewhere?

I'll give it a try on Monday but not got access to any at the moment.

Sent from Cisco Technical Support iPhone App

Venkatesh Attuluri · ‎09-02-2013

Hi,

I don’t think the backup logs can be opened as they are encrypted .This can only done by TAC . Please advise if you have success in doing this

Muhammad Munir · ‎09-04-2013

Hi,

For scheduled backups, you can obtain information about the backup, backup events, and status (when the backup was performed, whether it was successful or not, and so on) from the Backup History page.

Every Cisco ISE administrator account is assigned one or more administrative roles. To perform the operations described in the following procedure, you must have one of the following roles assigned. Super Admin or Monitoring Admin or Helpdesk Admin.

To view the backup history, complete the following steps:

Step 1 Choose Operations > Reports > System.

Step 2 From the System navigation pane on the left, choose Data Management > Administration Node > Backup History.

The Backup History page provides basic information about the scheduled backups that were run.

For failed backups, you must run the backup-logs command from the Cisco ISE CLI and look at the

ADE.log for more information.

Note The backup history is stored along with the Cisco ADE operating system configuration data. After an application upgrade, backup history is not lost and the Backup History page lists all the backups that were run. The backup history will be removed only when you reimage the primary administration node.

bikespace · ‎09-05-2013

Hi Muhammad,

Yep, I'm pretty au fait with that, I'm looking at whether there is a method of accessing the raw logs themselves. Or do you have to actually restore to the ISE in order to be able to access previous monitor logs.

"What I want to know and have not seen any documentation on it, is there a decent way of opening and viewing backed up logs. i.e. accessing the massive raw encrypted file that will be saved off to some network drive somewhere?"

Thanks.

aqjaved · ‎10-02-2013

Please check the below link this may can be helpful for you:

Link-1

http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide.pdf

bikespace · ‎11-28-2013

I think you may have missed my question Aqueel. Did you spot anything in particular in the documentation that answers my question or have you just sent me a random link?
:-)
Initially I suspected you were a bot. :-)

Sent from Cisco Technical Support iPhone App

Naresh Ginjupalli · ‎11-29-2013

Hi,

The MNT data backup can only be restored on ISE MNT nodes. Even though if we decrypt the MNT backup file , you will not be able to read the data because the data is stored in Oracle Database and the backup file contains the snapshot of the MNT database . This snapshot can be re-imported on the MNT nodes and the data can be read by the in-built SQL queries that are being used with the ISE MNT nodes.

The command which is used to decrypt the files in linux is as follows:

gpg --decrypt-files .

When you run the above command it will ask for the passphrase and specify the encryption key that you used at the time of creating the backup files or logs.