Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1476
Views
15
Helpful
6
Replies

Cisco ISE - New Deployment

Go to solution
LovejitSingh130013
Level 1
Level 1

‎01-10-2023 07:12 AM

Hello experts,

I have ISE two PSNs (Primary & Secondary)  and setup 802.1x authentication for WIFI using certs.

I have seen ISE by default is providing logs only for 24 hours.  Is there a way to increase Retention on ISE?

Also, How to find the current log storage on ISE? 

I can see Authentication logs and Authorization logs but don't see disconnecting logs. Is there any way to make sure I have a log when the device gets disconnected? 

Thanks,

DJ

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to LovejitSingh130013

‎01-10-2023 08:26 AM

@LovejitSingh130013 where are you expecting to see a disconnect? ....this won't be reported in the live logs. The "Live Sessions" will tell you the live sessions and any terminated session (for a period).

Refer to the data purge for information on retention. - https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_deployment.html#id_39776

 

View solution in original post

Go to solution
Marcelo Morais
VIP
VIP
In response to LovejitSingh130013

‎01-11-2023 07:00 PM

Hi @LovejitSingh130013 ,

 Live Logs was designed to show the Latest 100 records, Within up to 24h:

Live Logs.png

 If you need more than 7 days you must use the Operations > Reports > Reports.

Hope this helps !!!

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Rob Ingram
VIP
VIP

‎01-10-2023 07:16 AM

@LovejitSingh130013 ISE live logs are only accessible in the GUI for 24 hours, but you can run a report for anything older or export to a log server.

Do you have accounting configured on the NAD (switch, WLC etc)?

Go to solution
LovejitSingh130013
Level 1
Level 1
In response to Rob Ingram

‎01-10-2023 07:58 AM

Hello Rob, 

Yes, Accounting is enabled on all WLC, and ISE is added as an Accounting server with port 1813. 

Does Report will provide all the older log entries?  whats the default retention on report?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to LovejitSingh130013

‎01-10-2023 08:26 AM

@LovejitSingh130013 where are you expecting to see a disconnect? ....this won't be reported in the live logs. The "Live Sessions" will tell you the live sessions and any terminated session (for a period).

Refer to the data purge for information on retention. - https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_deployment.html#id_39776

 

Go to solution
Marcelo Morais
VIP
VIP

‎01-10-2023 09:06 PM

Hi @LovejitSingh130013 

 default Local Log Settings: 30 days (at Administration > System > Logging > Log Settings

Log Settings.png

 also take a look at Operational Data Purging (at Administration > System > Maintenance), the default Data Retention Period for RADIUS and TACACS is 30:

Operational Data Purging.png

 

Hope this helps !!!

 

 

Go to solution
LovejitSingh130013
Level 1
Level 1
In response to Marcelo Morais

‎01-11-2023 07:53 AM

Hello @Marcelo Morais 

Does this mean, when I change the default Local log settings to 7 days, I will able to see/search logs for more than one day within ISE live logs?   

Thanks,

 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to LovejitSingh130013

‎01-11-2023 07:00 PM

Hi @LovejitSingh130013 ,

 Live Logs was designed to show the Latest 100 records, Within up to 24h:

Live Logs.png

 If you need more than 7 days you must use the Operations > Reports > Reports.

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents