Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4911
Views
20
Helpful
3
Replies

Cisco ISE

Amen
Level 1
Level 1

‎12-16-2021 08:03 AM

I'm looking for some assistance please. I'm struggling to find a table which details what each log file's purpose is on the CLI. For example:

What log files must I look at to troubleshoot active directory issues?

What log files must I look at to troubleshoot replication issues across the ISE deployment?

What log files must I look at to troubleshoot patch upgrade status on a particular node?

 

I'm looking for something like this:

 

Log file name

Function/purpose

replication.log

All replication status/updates that happen throughout the ISE deployment and any errors that might occur.

 

This information would need to cover both system and application based logs.

 

Can someone point me in the right direction please?

0 Helpful
3 Replies 3

Arne Bier
VIP
VIP

‎12-16-2021 01:19 PM

Hello @Amen 

 

The closest I have found and used in the past is this link here. It tells you which debugs to enable per problem category.

You can always tail the log output on the CLI instead of downloading the support bundle.

show logging application

and then tail the file you're debugging on

 show logging application ise-psc.log tail

Amen
Level 1
Level 1

‎12-17-2021 12:00 AM

your answer is perfect if the issue is still happening, but what if i want to know the root cause like for example why 

ISE Primary PAN did not sync secondary PAN about the new trusted certificates ? I solved the issue by doing a manel sync up but i want to know why this happened?

where i can check for that?

 

Thank you so much for your support

0 Helpful

Arne Bier
VIP
VIP
In response to Amen

‎12-17-2021 12:18 PM

If you're looking at root cause analysis then you can still use that Cisco link as a guide to find your way through the various log files ISE creates. ISE is constantly logging something. And the logs can be downloaded individually from the UI 

Operations >Troubleshoot > Download Logs > Debug Logs 

Or download a bunch of logs called a Support Bundle 

Operations >Troubleshoot > Download Logs > Support Bundle (tick the boxes, choose a date range)

If you're lucky enough, then the default logging level (normally "INFORMATIONAL") will provide some clues (assuming you have found the appropriate log file). But most of the time, INFO level won't tell you enough. So you need to crank up the Log Level to more detailed level - e.g. DEBUG (used in TAC cases). Then wait for the problem to happen again.

 

If you're a curious and patient person, then perhaps you'll find some clues. But I would recommend opening a TAC case - TAC engineers have tools to sift through the debugs and provide better insights - because they may have seen this problem before.

 

Customers Also Viewed These Support Documents