Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2207
Views
0
Helpful
4
Replies

Cisco ISE logs

pipkin231
Level 1
Level 1

‎05-03-2018 01:10 AM - edited ‎02-21-2020 10:55 AM

Hi all,

   I have ISE logs in GPG format. Is there anyway i can read the file ? I am trying to troubleshoot wireless issue . The mobile devices suddenly disconnect from wifi.

Labels:
0 Helpful
4 Replies 4

M. Wisely
Level 4
Level 4

‎05-03-2018 03:48 AM

So when you went to download the logs you either selected Public Key Encryption or Shared Key Encryption. If you selected the latter you can decrypt the file with the key you provided but if you selected the former only Cisco can decrypt it.

0 Helpful

Arne Bier
VIP
VIP
In response to M. Wisely

‎05-03-2018 04:04 PM

That's it - only Cisco hold the private key to decrypt the file that was encrypted with the public key.  BUT - if you encrypted the files with a shared key, then decrypting the file is a doddle.

Windows:  Install GpgEx (open source)

Unix: gpg -v --batch --yes --passphrase Encryption123 -d Mylogs.tar.gpg > Mylogs.tar

The encrypted file is Mylogs.tar.gpg and the shared key is Encryption123

The result is redirected to a file called Mylogs.tar - then use the regular tools like

tar tvf Mylogs.tar    to view contents of the tar bundle

tar xvf Mylogs.tar   to extract contents

 

I use this all the time to drive myself crazy about the junk that Cisco puts into ISE Config backups.  In my case the file is 500MB (compressed) and when uncomressed I have 8GB of debug logs.  If Cisco were to stop spamming the backup file with junk, it should be in the order of 10MB in my case.

0 Helpful

ajc
Level 7
Level 7

‎05-03-2018 06:02 AM

Usually Wireless disconnections has nothing to do with ISE because the WLC is the one that determines the session timeout and some others timers. First thing I would check is the idle/session timeout configured on the WLC (global setup) or the SSID session timeout. Another reason could be roaming. If you are using 802.1x there is no way you can avoid that disconnection no matter you have session resume enabled (this topic was discussed extensively with Cisco and it is a normal behavior on PEAP / EPA-TLS) BUT available on WLC version 8.3+, fast transition for Apple Devices only can help you with the roaming disconnection behavior.

 

Have you seen on ISE many 5440 error codes?. 

 

In addition to that, using wildcard cert on ISE helps a little bit with the roaming issue.

 

0 Helpful

ajc
Level 7
Level 7

‎05-03-2018 06:03 AM

take a look here as well

 

https://clnv.s3.amazonaws.com/2015/usa/pdf/BRKSEC-3697.pdf

 

Slides 42-47

0 Helpful
Customers Also Viewed These Support Documents