
ISE 2.4 live log secondary

Hello,

We have 2 ISE 2.4 patch 5 nodes:

ISE 1: primary PAN / secondary MnT

ISE 2: secondary PAN / primary MnT

For tests, we shut down ISE 1. ISE 2 seems to work fine, but there are no live logs in the menu, only the "administration" menu.

In the previous version I think they were present. Is there a way to display these live logs on the secondary ISE?

Thanks

Regards

1 Accepted Solution

Accepted Solutions

Damien Miller
VIP Alumni
You can only view the live logs from the primary admin node GUI. When you shut down your "ISE 1" node you are shutting down the primary admin node. In order for "ISE 2" GUI to display the logs, it must become the primary admin node. You would have to promote the ISE 2 node to be the primary admin node which causes the node to restart.

If you were to have separate Admin and MNT nodes this would have slightly different behavior and it helps explain what is happening. For this example let's say you have ISE 1, 2, 3 and 4.
ISE 1 - Primary Admin
ISE 2 - Secondary Admin
ISE 3 - Primary MNT
ISE 4 - Secondary MNT

You could turn off ISE 3 and, without doing anything else, the GUI on the ISE 1 primary admin node would still display live logs. Both MNT nodes are active and collecting the logs from authentication activity. If you were to shut off 4 and leave 3 powered on, there would also be no discernible difference. MNT nodes can be thought of as active/active; their "failover" requires no interaction. The admin node pulls data from the available MNT.

In the same example, if you were to shut down ISE 1, the primary admin node, and then log in to ISE 2, you would find there is a limited menu and no live logs to be seen. This is the situation you would be seeing when you turn off your ISE 1 node. The secondary admin node would have to be promoted to primary in order for you to see any of the configuration or monitoring menus.

In hybrid and distributed environments you can automate the failover of the admin nodes. In standalone deployments with 2 nodes I would not recommend trying to promote the secondary admin in a failed state because you will restart your only remaining node. There will be nothing left running to authenticate clients.


So coming back around, you can only view live logs from the primary admin node GUI and it always pulls the logs to display from the primary MNT. If the primary MNT is not available, then it pulls logs from the secondary MNT to display. I will add a final "but" statement because it's technically an option. You can view logs from the secondary MNT via the CLI if you tail some of the log files, not really a glamorous option.

2 Replies

Hello,

Thanks a lot for the explanation.

What is a pity is that in the previous version, we had logs on ISE 2 (secondary PAN, primary MnT).

Thanks ;)