08-05-2025 11:18 AM
I scheduled a daily configuration backup (no ADE-OS) on the PAN node at 12:01 EST. When first started the scheduled backup, the file size of the backup was around 500MB. For the past two weeks, it is around 117MB. I do NOT have a test system to restore to confirm that the backup is legit. Any reasons why the backup file size has gone from 500MB to 117MB?
TIA.
08-05-2025 12:22 PM
that is huge difference - until any data is removed part of Purging.
why not take one more Manual backup on different space and check the size :
08-05-2025 07:51 PM
It's very likely that some cron job has run and cleared a bunch of linux and app logs. Sadly, the ISE config backup contains a lot of junk that is not required for config restoration. The smaller the config backup, the better. See this article for the linux steps to follow to unpack one of these backup files to inspect their contents.
And if you have lots of time, try restoring your leaner config backup file on a lab VM and see if it restores all the stuff you expect.
08-06-2025 01:06 PM
@Arne Bier wrote: And if you have lots of time, try restoring your leaner config backup file on a lab VM and see if it restores all the stuff you expect.
Hi @Arne Bier: I guess you didn't read my original post. I do NOT have an environment to test the restore. This place has NOTHING in term of lab/dev environment for me to do anything :-(.....
08-06-2025 01:29 PM
You're right - I missed that part about not having a test system to restore the backup. But to be honest, that is a very low bar to overcome. 8GB of RAM (or 16GB if you can manage it) and a 300GB thin provisioned disk is not much to ask for. I can do that on my kid's home computer in VMWare Player/Workstation (free).
The question about the legitimacy of the backup can only be answered by testing. The alternative to that, is pure speculation - and we can all have a lot of fun speculating about this. Or you can do another thing - unpack that file (with the link I provided you) and look inside. There is no documentation that tells us where the various parts of the ISE config live - it's spread of many different types of files. The most important is the Oracle Database dump.
I come back to my original point: spin up an Eval ISE node, and restore the file.
If you have a Cisco Support Contract, I bet you they would offer to do the same for you too.
08-06-2025 04:44 PM
@Arne Bier wrote: If you have a Cisco Support Contract, I bet you they would offer to do the same for you too.
I might have to go that route. This place that I am working at has ZERO infrastructure for me to test. It is the US Federal government and the bureaucracy that I have to jump through is unbelievable. Fortunately, I only need to work for a few more years. After that, I am going to retire in Argentina
08-05-2025 10:46 PM
The decrease in your Palo Alto Networks (PAN) configuration backup file size from 500MB to 117MB is likely due to the initial backup including a wider range of data than subsequent backups. The first backup might have been a full snapshot, while later backups are incremental, only saving changes. Additionally, the initial size could have been inflated by logs, temporary files, or other data that are not part of the standard daily configuration backup (especially since you specified "no ADE-OS"). Over time, as your configurations settled and unnecessary data was pruned from the backup process, the file size would naturally shrink to reflect only the essential configuration data.
08-06-2025 01:04 PM
@pearl44snow wrote:The decrease in your Palo Alto Networks (PAN) configuration backup file size from 500MB to 117MB is likely due to the initial backup including a wider range of data than subsequent backups. The first backup might have been a full snapshot, while later backups are incremental, only saving changes. Additionally, the initial size could have been inflated by logs, temporary files, or other data that are not part of the standard daily configuration backup (especially since you specified "no ADE-OS"). Over time, as your configurations settled and unnecessary data was pruned from the backup process, the file size would naturally shrink to reflect only the essential configuration data.
Is this fact or just purely speculation on your part?
09-23-2025 04:01 AM
Starting with ISE 3.3 Patch 6, Cisco introduced a change to streamline backup packages only the primary backup instance log is retained by default. This reduces backup size and emphasizes essential configuration data.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide