Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1408
Views
0
Helpful
7
Replies

Export and API Questions

Go to solution
Tom Raes
Level 1
Level 1

‎12-18-2017 06:55 AM

Hi,

  I have a couple for unrelated questions that I'd like to have answered.

  1. Exporting data from ISE to either a Local vs. Repository (CVF).  What is the difference between the two?
  2. Accessing the ISE data through an API.  Is there any limitations on the data you can access?
  3. Do you have any API coding examples?

Thanks

Tom Raes

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎12-18-2017 07:58 AM

  1. Local typically refers to local disk on ISE Server, usually under /localdisk.  Repositories can actually reference local disk or network storage.  If wish to export data to a network share accessible to ISE via HTTP/S, SFTP, SCP, TFTP, FTP, etc, then create repository from admin UI under Administration > Maintenance (preferred), or specific to node under CLI.
  2. Yes. Please refer to ISE API Command Reference for details on data available via REST Monitoring API and ERS API.
  3. Best resource is online sdk.  Once ERS enabled via Admin node and ERS account created (as covered in Command Reference), you can access Primary PAN @ https://<primary_pan>:9060/ers/sdk.  You will see examples and also demo there.  You can also find examples in Community.

/Craig

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Craig Hyps
Level 10
Level 10

‎12-18-2017 07:58 AM

  1. Local typically refers to local disk on ISE Server, usually under /localdisk.  Repositories can actually reference local disk or network storage.  If wish to export data to a network share accessible to ISE via HTTP/S, SFTP, SCP, TFTP, FTP, etc, then create repository from admin UI under Administration > Maintenance (preferred), or specific to node under CLI.
  2. Yes. Please refer to ISE API Command Reference for details on data available via REST Monitoring API and ERS API.
  3. Best resource is online sdk.  Once ERS enabled via Admin node and ERS account created (as covered in Command Reference), you can access Primary PAN @ https://<primary_pan>:9060/ers/sdk.  You will see examples and also demo there.  You can also find examples in Community.

/Craig

0 Helpful

Go to solution
Tom Raes
Level 1
Level 1
In response to Craig Hyps

‎12-18-2017 10:51 AM

Would there be an API that could get me this information?

https://ftwyinax-ise.corp.pvt/admin/#monitor/operations_reportsV2

I'm trying to get Radius Authentication Failures

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Tom Raes

‎12-18-2017 12:21 PM

Monitoring API is not a substitute for Operational reports, but it is possible to query for auth failures along with reason...

https://<mnt_ip_address>/admin/API/mnt/AuthStatus/MACAddress/4C:EB:42:C7:95:8E/90000/100/All

After running commands above, it is possible to run query on Failure Reasons which provides some more detail on failure and possible issues.

https://<mnt_ip_address>/admin/API/mnt/FailureReasons although don’t know of way to show only specific reason.  Maybe an xml reader can do this simply.

/Craig

0 Helpful

Go to solution
Tom Raes
Level 1
Level 1
In response to Craig Hyps

‎12-18-2017 12:50 PM

According to your examples, it appears that you are going after a specific Host / MAC Address?  What I am looking for is just a count of devices by failure.  This is mainly for trend analysis.  Example below:

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Tom Raes

‎12-19-2017 06:36 AM

As stated, the Monitoring API is intended for specific monitoring and troubleshooting scenarios and is NOT a replacement for Admin reports.  It is also possible to send logging to external collector/SIEM and to generate other ad-hoc reports of interest.

Please review API capabilities as provided in ISE documentation here and if wish to request additional functionality, please reach out to Cisco sales team to provide details on the enhancement request.

If a specific feature is not working as specified, then please open a TAC case.  In the one example I provided, I note that the target is MNT node whereas in your attempt to replicate, the error message clearly states that you have tried to run command against a non-MnT node.  ERS is executed against Primary PAN.  Monitoring APIs are run against MNT node.

Regards,

Craig

0 Helpful

Go to solution
Tom Raes
Level 1
Level 1
In response to Craig Hyps

‎12-20-2017 04:40 AM

This is what I see when I try to use an example. Am I doing something wrong?

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Tom Raes

‎12-20-2017 07:25 AM

As per previous reply...  "In the one example I provided, I note that the target is MNT node whereas in your attempt to replicate, the error message clearly states that you have tried to run command against a non-MnT node.  ERS is executed against Primary PAN.  Monitoring APIs are run against MNT node."

<internal-error-info> This host is not a MnT node.  MnT REST APIs can not be executed on this node </internal-error-info>

The error message is stating that you are not running the query against your MnT node.  Be sure the FQDN/IP in API query is pointed at the ISE server running MnT.  If still not working, please open a TAC case to help troubleshoot.

Regards,

C

0 Helpful
Customers Also Viewed These Support Documents
Top