Data retention.

dazza_johnson
Level 5

Hi there, I am trying to understand how to ensure I retain data for my ISE deployment over the long term (let's assume 2 years).

I can see a couple of options, but not sure if I am missing some other methods...

Option 1 - configure a remote logging (syslog) server and send all RADIUS/TACACS logs to this remote syslog server (as well as the local log collector on ISE)

Option 2 - under operational data purging there is an export repository. How does this work? It wasn't clear from documentation but I assume when data is purged it is sent to the repository I selected. i.e. if set to 30 days, logs remain only on the ISE node for up to 30 days, at which point they are exported to my repository and deleted from ISE disk? In addition, you can only export to an FTP server - is that right?

Some clarification on the above would be much appreciated, plus any other options that I may have missed.

Thanks

Darren

1 Reply

hslai
Cisco Employee

Option 1 is what we usually recommend. ISE M&T data is geared for session tracking and troubleshooting but not much for long term data retention.

As to Option 2,

ISE will export the RADIUS and TACACS data in CSV format to an external repository before purging data. This data will be protected with an encryption key.

You may also see it in Slide 22 of Designing ISE for Scale and High Availability (2017 Melbourne)

Another option is to schedule reports, which will save results in the repositories.