Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2351
Views
25
Helpful
7
Replies
RakeshKulkarni82221
Beginner
Beginner
‎06-01-2020 02:56 PM
‎06-01-2020 02:56 PM

How to get Radius error Diagnostic logs through ISE ERS API?

I want tp view "Radius errors" from "Report"--> "Diagnostic" section of GUI from ERS API,

I tried "mnt" url but i am getting 404 error,

is ot possible to view messages and filter messages based on the keywords?

Labels:
1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee
Cisco Employee
In response to RakeshKulkarni82221
‎06-03-2020 07:10 PM
‎06-03-2020 07:10 PM

MNT APIs are on port 443 but not 9060.

However, it's not recommended to use MNT APIs for this type of monitoring. Instead, please either forward the ISE events to a remote syslog target and analyze them there or use pxGrid APIs.

View solution in original post

7 REPLIES 7
balaji.bandi
VIP Guru VIP Guru
VIP Guru
‎06-01-2020 03:08 PM
‎06-01-2020 03:08 PM

i was in the journey of looking at these features how API can pull the information outside.

 

maybe this API document helps you : (ignore if you come across this document).

 

https://developer.cisco.com/docs/identity-services-engine/#!setting-up

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
RakeshKulkarni82221
Beginner
Beginner
In response to balaji.bandi
‎06-01-2020 03:27 PM
‎06-01-2020 03:27 PM

I have setup my account and i can pull basic stuff like internalUsers and all, but i needed any document that has pulling the logs like radius errors and live session logs.
0 Helpful
Greg Gibbs
Cisco Employee
Cisco Employee
In response to RakeshKulkarni82221
‎06-01-2020 05:32 PM
‎06-01-2020 05:32 PM

The Monitoring REST APIs are mainly to gather information about active sessions or the MnT nodes themselves. While you can get some Failure Reason info from the API, it would mainly be for active/recent sessions and not useful for historical data.

Most customers send all auth events to an external Syslog server (like Splunk) and use the correlation and dashboard functionalities in that platform for historical data.

thomas
Cisco Employee
Cisco Employee
‎06-02-2020 03:10 PM
‎06-02-2020 03:10 PM

"mnt" is not a valid URL which is why you got a 404. Please be very specific about your inputs and outputs so we can help faster. See How to Ask The Community for Help.

The description of the Operations > Reports > Diagnostics > RADIUS Errors report says it "... enables you to check for RADIUS Requests Dropped, EAP connection time outs and unknown NADs".

The ISE Monitoring REST APIs > Supported API Calls are the closest thing to what you want.

The FailureReasons call simply returns a dump of all errors listed in the ISE Message Catalog (Administration > Logging > Message Catalog) so that will not help you until you want to know what a particular error means or what to do next to troubleshoot it.

The closest option is the AuthStatus call

https://<ISEhost>/admin/API/mnt/AuthStatus/MACAddress/<macaddress>/<numberofseconds>/<numberofrecordspermacaddress>/All

however it requires you to specify a single MAC address as an argument. Also it will not give you a list of all Drops, Timeouts, or Unknown NADs only Passed/Failed authentications for the single MAC.

If you want Passed/Failed messages of specific endpoints then AuthStatus can work for you.

curl -s -k --header 'Accept: application/xml' --user admin:C1sco12345 https://198.18.133.27/admin/API/mnt/AuthStatus/MACAddress/DEADBEEFCAFE/3600/100/All | xmllint --format - | grep fail

<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">false</failed>
<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">false</failed>
<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">true</failed>
<failure_reason>22056 Subject not found in the applicable identity store(s)</failure_reason>

 

 

 

RakeshKulkarni82221
Beginner
Beginner
In response to thomas
‎06-03-2020 07:43 AM
‎06-03-2020 07:43 AM

I have my monitoring node IP address and the user-id i am using is under (Super Admin, System Admin, MnT Admin)
but when i issue the request to url "https://monitoring_node_ip:9060/admin/API/mnt/Version" and also url r"https://monitoring_node_ip:9060/admin/API/mnt/Session/ActiveCount",

but i get 404 error
0 Helpful
hslai
Cisco Employee
Cisco Employee
In response to RakeshKulkarni82221
‎06-03-2020 07:10 PM
‎06-03-2020 07:10 PM

MNT APIs are on port 443 but not 9060.

However, it's not recommended to use MNT APIs for this type of monitoring. Instead, please either forward the ISE events to a remote syslog target and analyze them there or use pxGrid APIs.

RakeshKulkarni82221
Beginner
Beginner
In response to hslai
‎06-03-2020 08:41 PM
‎06-03-2020 08:41 PM

This resolved my issue and however we also need to use "xml" as accept type in headers otherwise we get http 406 error code.

Thanks and i will look into transferring logs to external syslog server.
0 Helpful
Latest Contents
Network Security All-in-one ASA FTD WSA Umbrella ISE VPN Lay...
Created by Meddane on 05-17-2022 06:18 AM
0
0
0
0
Multiple Cisco Security Technologies in a single book : ASA Firepower, WSA, Umbrella, ISE and VPN with 100 percent 100 practical scenarios with 70 Labs to cover important topics of the Cisco SCOR Exam. The best part is ISE with interesting scenarios wi... view more
Understanding IP Layer Enforcement on Cisco Umbrella
Created by Meddane on 05-17-2022 03:10 AM
0
0
0
0
Cisco Umbrella is a big DNS service that provides not only the DNS resolution but also if the hosted website is trust or malicious, the idea behind the Layer DNS Security is that the modern attacks uses the DNS in the first step either to redirect the use... view more
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
ISE Integration with Eduroam External Server
Created by deepuvarghese1 on 05-09-2022 08:31 PM
3
20
3
20
The purpose of this document is to demonstrate how ISE can integrate with an eduroam external server which is a WI-Fi roaming service that provides international access to devices in education, research, and higher education. Students, teachers, and resea... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube