Cisco ISE 3.3 patch-6 scheduled backup

adamscottmaster2013 · ‎08-05-2025

I scheduled a daily configuration backup (no ADE-OS) on the PAN node at 12:01 EST. When first started the scheduled backup, the file size of the backup was around 500MB. For the past two weeks, it is around 117MB. I do NOT have a test system to restore to confirm that the backup is legit. Any reasons why the backup file size has gone from 500MB to 117MB?

TIA.

balaji.bandi · ‎08-05-2025

that is huge difference - until any data is removed part of Purging.

why not take one more Manual backup on different space and check the size :

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_maintain_monitor.html#reference_4F69987D3294499E95C1B652C4D1E73D

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Arne Bier · ‎08-05-2025

It's very likely that some cron job has run and cleared a bunch of linux and app logs. Sadly, the ISE config backup contains a lot of junk that is not required for config restoration. The smaller the config backup, the better. See this article for the linux steps to follow to unpack one of these backup files to inspect their contents.

And if you have lots of time, try restoring your leaner config backup file on a lab VM and see if it restores all the stuff you expect.

adamscottmaster2013 · ‎08-06-2025

@Arne Bier wrote: And if you have lots of time, try restoring your leaner config backup file on a lab VM and see if it restores all the stuff you expect.

Hi @Arne Bier: I guess you didn't read my original post. I do NOT have an environment to test the restore. This place has NOTHING in term of lab/dev environment for me to do anything :-(.....

Arne Bier · ‎08-06-2025

You're right - I missed that part about not having a test system to restore the backup. But to be honest, that is a very low bar to overcome. 8GB of RAM (or 16GB if you can manage it) and a 300GB thin provisioned disk is not much to ask for. I can do that on my kid's home computer in VMWare Player/Workstation (free).

The question about the legitimacy of the backup can only be answered by testing. The alternative to that, is pure speculation - and we can all have a lot of fun speculating about this. Or you can do another thing - unpack that file (with the link I provided you) and look inside. There is no documentation that tells us where the various parts of the ISE config live - it's spread of many different types of files. The most important is the Oracle Database dump.

I come back to my original point: spin up an Eval ISE node, and restore the file.

If you have a Cisco Support Contract, I bet you they would offer to do the same for you too.

adamscottmaster2013 · ‎08-06-2025

@Arne Bier wrote: If you have a Cisco Support Contract, I bet you they would offer to do the same for you too.

I might have to go that route. This place that I am working at has ZERO infrastructure for me to test. It is the US Federal government and the bureaucracy that I have to jump through is unbelievable. Fortunately, I only need to work for a few more years. After that, I am going to retire in Argentina

pearl44snow · ‎08-05-2025

The decrease in your Palo Alto Networks (PAN) configuration backup file size from 500MB to 117MB is likely due to the initial backup including a wider range of data than subsequent backups. The first backup might have been a full snapshot, while later backups are incremental, only saving changes. Additionally, the initial size could have been inflated by logs, temporary files, or other data that are not part of the standard daily configuration backup (especially since you specified "no ADE-OS"). Over time, as your configurations settled and unnecessary data was pruned from the backup process, the file size would naturally shrink to reflect only the essential configuration data.

www mymilestonecard com

adamscottmaster2013 · ‎08-06-2025

@pearl44snow wrote:
The decrease in your Palo Alto Networks (PAN) configuration backup file size from 500MB to 117MB is likely due to the initial backup including a wider range of data than subsequent backups. The first backup might have been a full snapshot, while later backups are incremental, only saving changes. Additionally, the initial size could have been inflated by logs, temporary files, or other data that are not part of the standard daily configuration backup (especially since you specified "no ADE-OS"). Over time, as your configurations settled and unnecessary data was pruned from the backup process, the file size would naturally shrink to reflect only the essential configuration data.

Is this fact or just purely speculation on your part?

kaihyu · ‎09-23-2025

Starting with ISE 3.3 Patch 6, Cisco introduced a change to streamline backup packages only the primary backup instance log is retained by default. This reduces backup size and emphasizes essential configuration data.