Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1743
Views
10
Helpful
3
Replies

Dedicated Monitoring Node not sending data to remote targets

Go to solution
jamie.leclair@canada.ca
Level 1
Level 1

‎03-09-2021 05:20 AM

We have ISE 2.4 Patch 13

 

I have a 6 node deployment;

 

Node0 = Pri-ADM; Sec-MON

Node1 = Pri-MON; Sec-ADM

The rest are policy nodes

 

My issue is that I log all the servers to a remote-target (Splunk) so I can monitor their vitals, but for some odd reason I do not receive anything from Node1. I get data from all of the other nodes, besides the MONITORING node.

 

Wondering if anyone else has also experienced this and/or has some insight or a fix I might be able to look into.

 

Thanks!

Jamie

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP

‎03-09-2021 04:52 PM

Hi jamie.leclair@canada.ca 

 at 

Administration > System > Logging > Remote Logging Targets

check if the LogCollector (your Pri MnT) is enabled.

then at 

Administration > System > Logging > Logging Categories

check if the LogCollector is configured at the Targets column.

 

Hope this helps !!!

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marcelo Morais
VIP
VIP

‎03-09-2021 04:52 PM

Hi jamie.leclair@canada.ca 

 at 

Administration > System > Logging > Remote Logging Targets

check if the LogCollector (your Pri MnT) is enabled.

then at 

Administration > System > Logging > Logging Categories

check if the LogCollector is configured at the Targets column.

 

Hope this helps !!!

 

 

0 Helpful

Go to solution
jamie.leclair@canada.ca
Level 1
Level 1
In response to Marcelo Morais

‎03-11-2021 04:37 AM

Marcelo,

 

Thanks for your reply.

 

Yes the Primary is enabled, and the log collector is set on the targets. So unfortunately that cannot be it.

 

Also, my issue really isn't that data isn't making it to the pri-mon server; its that the pri-mon server isn't sending data to my remote syslog solution (Splunk). All of the other 5 servers show up just fine, but the pri-mon node doesn't appear to even attempt to send any data to Splunk.

 

Jamie

 

Go to solution
jamie.leclair@canada.ca
Level 1
Level 1
In response to Marcelo Morais

‎03-11-2021 05:04 AM - edited ‎03-11-2021 05:04 AM

Marcelo,

 

Just wanted to thank you again for taking the time to give me something to look at.

 

I decided to run a tcpdump on the pri-monitoring node and then determined syslogs were in fact going out.. so I checked my log collector configuration within my Splunk solution and it appears I fat fingered the defining of that device.. so it was never showing up. So ultimately the underlying issue was a type-o outside of ISE.

 

 

Customers Also Viewed These Support Documents