Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3173
Views
25
Helpful
7
Replies

How to get Radius error Diagnostic logs through ISE ERS API?

Go to solution
RakeshKulkarni82221
Level 1
Level 1

‎06-01-2020 02:56 PM

I want tp view "Radius errors" from "Report"--> "Diagnostic" section of GUI from ERS API,

I tried "mnt" url but i am getting 404 error,

is ot possible to view messages and filter messages based on the keywords?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to RakeshKulkarni82221

‎06-03-2020 07:10 PM

MNT APIs are on port 443 but not 9060.

However, it's not recommended to use MNT APIs for this type of monitoring. Instead, please either forward the ISE events to a remote syslog target and analyze them there or use pxGrid APIs.

View solution in original post

7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-01-2020 03:08 PM

i was in the journey of looking at these features how API can pull the information outside.

 

maybe this API document helps you : (ignore if you come across this document).

 

https://developer.cisco.com/docs/identity-services-engine/#!setting-up

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
RakeshKulkarni82221
Level 1
Level 1
In response to balaji.bandi

‎06-01-2020 03:27 PM

I have setup my account and i can pull basic stuff like internalUsers and all, but i needed any document that has pulling the logs like radius errors and live session logs.
0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to RakeshKulkarni82221

‎06-01-2020 05:32 PM

The Monitoring REST APIs are mainly to gather information about active sessions or the MnT nodes themselves. While you can get some Failure Reason info from the API, it would mainly be for active/recent sessions and not useful for historical data.

Most customers send all auth events to an external Syslog server (like Splunk) and use the correlation and dashboard functionalities in that platform for historical data.

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-02-2020 03:10 PM - edited ‎06-02-2020 03:11 PM

"mnt" is not a valid URL which is why you got a 404. Please be very specific about your inputs and outputs so we can help faster. See How to Ask The Community for Help.

The description of the Operations > Reports > Diagnostics > RADIUS Errors report says it "... enables you to check for RADIUS Requests Dropped, EAP connection time outs and unknown NADs".

The ISE Monitoring REST APIs > Supported API Calls are the closest thing to what you want.

The FailureReasons call simply returns a dump of all errors listed in the ISE Message Catalog (Administration > Logging > Message Catalog) so that will not help you until you want to know what a particular error means or what to do next to troubleshoot it.

The closest option is the AuthStatus call

https://<ISEhost>/admin/API/mnt/AuthStatus/MACAddress/<macaddress>/<numberofseconds>/<numberofrecordspermacaddress>/All

however it requires you to specify a single MAC address as an argument. Also it will not give you a list of all Drops, Timeouts, or Unknown NADs only Passed/Failed authentications for the single MAC.

If you want Passed/Failed messages of specific endpoints then AuthStatus can work for you.

curl -s -k --header 'Accept: application/xml' --user admin:C1sco12345 https://198.18.133.27/admin/API/mnt/AuthStatus/MACAddress/DEADBEEFCAFE/3600/100/All | xmllint --format - | grep fail

<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">false</failed>
<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">false</failed>
<failed xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:boolean">true</failed>
<failure_reason>22056 Subject not found in the applicable identity store(s)</failure_reason>

 

 

 

Go to solution
RakeshKulkarni82221
Level 1
Level 1
In response to thomas

‎06-03-2020 07:43 AM

I have my monitoring node IP address and the user-id i am using is under (Super Admin, System Admin, MnT Admin)
but when i issue the request to url "https://monitoring_node_ip:9060/admin/API/mnt/Version" and also url r"https://monitoring_node_ip:9060/admin/API/mnt/Session/ActiveCount",

but i get 404 error
0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to RakeshKulkarni82221

‎06-03-2020 07:10 PM

MNT APIs are on port 443 but not 9060.

However, it's not recommended to use MNT APIs for this type of monitoring. Instead, please either forward the ISE events to a remote syslog target and analyze them there or use pxGrid APIs.

Go to solution
RakeshKulkarni82221
Level 1
Level 1
In response to hslai

‎06-03-2020 08:41 PM

This resolved my issue and however we also need to use "xml" as accept type in headers otherwise we get http 406 error code.

Thanks and i will look into transferring logs to external syslog server.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents