Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
5
Helpful
3
Replies

External Syslog Sizing ISE

Go to solution
hsangral
Cisco Employee
Cisco Employee

‎03-04-2019 09:13 AM

Hello

 

Need help in finding the size of a syslog message in case of device Admin function for both Tacacs and radius when syslog are sent to external logging servers

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎03-04-2019 04:49 PM

What mnagired posted are the published guidelines for log storage. If the deployment already exists then there is an easy method of confirming space. This ISE GUI page will show you what's currently being stored for the past 30 days.
https://<ise ip>/admin/#administration/administration_system/administration_system_backup/data_purging

What actually gets sent to the external syslog server, is everything you see in the authentication details log. No way to change the data that is being sent, only selecting the categories. The message size differs a little bit based on various components of your config because things like network device groups, AD details (number of domains found) etc are different for every deployment.

View solution in original post

0 Helpful

Go to solution
Arne Bier
VIP
VIP

‎03-05-2019 06:31 PM

To get an idea of the actual UDP packet, just enable any external syslog logging host (doesn't have to be a valid IP) and then run a tcpdump on ISE PAN node.  You will be able to capture the UDP data.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
mnagired
Cisco Employee
Cisco Employee

‎03-04-2019 03:50 PM

Hi,

 

Let me know if this is what you looking for??

 

Number of sessions per day:  4

Number of commands:            10

Message Size /session (KB) = 5kB + Number of commands/session *3kB

Automated access(single script) log size calculation =  n Number of devices * 4 Sessions * Message size

E.g. : Log Size for 30k Network devices = 4GB/day

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎03-04-2019 04:49 PM

What mnagired posted are the published guidelines for log storage. If the deployment already exists then there is an easy method of confirming space. This ISE GUI page will show you what's currently being stored for the past 30 days.
https://<ise ip>/admin/#administration/administration_system/administration_system_backup/data_purging

What actually gets sent to the external syslog server, is everything you see in the authentication details log. No way to change the data that is being sent, only selecting the categories. The message size differs a little bit based on various components of your config because things like network device groups, AD details (number of domains found) etc are different for every deployment.
0 Helpful

Go to solution
Arne Bier
VIP
VIP

‎03-05-2019 06:31 PM

To get an idea of the actual UDP packet, just enable any external syslog logging host (doesn't have to be a valid IP) and then run a tcpdump on ISE PAN node.  You will be able to capture the UDP data.

0 Helpful
Customers Also Viewed These Support Documents