cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

373
Views
25
Helpful
7
Replies
Highlighted

How to get Radius error Diagnostic logs through ISE ERS API?

I want tp view "Radius errors" from "Report"--> "Diagnostic" section of GUI from ERS API,

I tried "mnt" url but i am getting 404 error,

is ot possible to view messages and filter messages based on the keywords?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: How to get Radius error Diagnostic logs through ISE ERS API?

MNT APIs are on port 443 but not 9060.

However, it's not recommended to use MNT APIs for this type of monitoring. Instead, please either forward the ISE events to a remote syslog target and analyze them there or use pxGrid APIs.

View solution in original post

7 REPLIES 7
Highlighted
VIP Mentor

Re: How to get Radius error Diagnostic logs through ISE ERS API?

i was in the journey of looking at these features how API can pull the information outside.

 

maybe this API document helps you : (ignore if you come across this document).

 

https://developer.cisco.com/docs/identity-services-engine/#!setting-up

BB
*** Rate All Helpful Responses ***
Highlighted

Re: How to get Radius error Diagnostic logs through ISE ERS API?

I have setup my account and i can pull basic stuff like internalUsers and all, but i needed any document that has pulling the logs like radius errors and live session logs.
Highlighted
Cisco Employee

Re: How to get Radius error Diagnostic logs through ISE ERS API?

The Monitoring REST APIs are mainly to gather information about active sessions or the MnT nodes themselves. While you can get some Failure Reason info from the API, it would mainly be for active/recent sessions and not useful for historical data.

Most customers send all auth events to an external Syslog server (like Splunk) and use the correlation and dashboard functionalities in that platform for historical data.

Highlighted
Cisco Employee

Re: How to get Radius error Diagnostic logs through ISE ERS API?

"mnt" is not a valid URL which is why you got a 404. Please be very specific about your inputs and outputs so we can help faster. See How to Ask The Community for Help.

The description of the Operations > Reports > Diagnostics > RADIUS Errors report says it "... enables you to check for RADIUS Requests Dropped, EAP connection time outs and unknown NADs".

The ISE Monitoring REST APIs > Supported API Calls are the closest thing to what you want.

The FailureReasons call simply returns a dump of all errors listed in the ISE Message Catalog (Administration > Logging > Message Catalog) so that will not help you until you want to know what a particular error means or what to do next to troubleshoot it.

The closest option is the AuthStatus call

https://<ISEhost>/admin/API/mnt/AuthStatus/MACAddress/<macaddress>/<numberofseconds>/<numberofrecordspermacaddress>/All

however it requires you to specify a single MAC address as an argument. Also it will not give you a list of all Drops, Timeouts, or Unknown NADs only Passed/Failed authentications for the single MAC.

If you want Passed/Failed messages of specific endpoints then AuthStatus can work for you.

curl -s -k --header 'Accept: application/xml' --user admin:C1sco12345 https://198.18.133.27/admin/API/mnt/AuthStatus/MACAddress/DEADBEEFCAFE/3600/100/All | xmllint --format - | grep fail

<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">false</failed>
<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">false</failed>
<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">true</failed>
<failure_reason>22056 Subject not found in the applicable identity store(s)</failure_reason>

 

 

 

Highlighted

Re: How to get Radius error Diagnostic logs through ISE ERS API?

I have my monitoring node IP address and the user-id i am using is under (Super Admin, System Admin, MnT Admin)
but when i issue the request to url "https://monitoring_node_ip:9060/admin/API/mnt/Version" and also url r"https://monitoring_node_ip:9060/admin/API/mnt/Session/ActiveCount",

but i get 404 error
Highlighted
Cisco Employee

Re: How to get Radius error Diagnostic logs through ISE ERS API?

MNT APIs are on port 443 but not 9060.

However, it's not recommended to use MNT APIs for this type of monitoring. Instead, please either forward the ISE events to a remote syslog target and analyze them there or use pxGrid APIs.

View solution in original post

Highlighted

Re: How to get Radius error Diagnostic logs through ISE ERS API?

This resolved my issue and however we also need to use "xml" as accept type in headers otherwise we get http 406 error code.

Thanks and i will look into transferring logs to external syslog server.