Solved: ISE deployment sync - auth. logs

peter.matuska1 · ‎07-28-2021

Hi,

I have a deployment with 2 nodes. I had to reinstall a broken node. When I joined the new node to the deployment, sync finished successfully but authentication logs were not synchronised. How to force ISE to send all historical authentication logs from the old node to the new one? Is it possible or should I have to do operational backup and then restore it on the new node and after that join the new node to the deployment?

thank you

Damien Miller · ‎07-28-2021

There is no capability to sync the existing logs over to the replacement MNT node, but as you pointed out, you are able to perform an operational backup, and restore that to the other MNT node. This can be a pretty slow process, it works, but not too many people take the effort to do it after a rebuild.

By default ISE only stores 30 days of TACACS/RADIUS logs, so if you're running a default retention period, then after 30 days both MNT nodes will have a consistent history. In the mean time you could run the Primary MNT role on the node that wasn't rebuilt to view the past logs while they gradually come in to sync.

View solution in original post

Damien Miller · ‎07-28-2021

There is no capability to sync the existing logs over to the replacement MNT node, but as you pointed out, you are able to perform an operational backup, and restore that to the other MNT node. This can be a pretty slow process, it works, but not too many people take the effort to do it after a rebuild.

By default ISE only stores 30 days of TACACS/RADIUS logs, so if you're running a default retention period, then after 30 days both MNT nodes will have a consistent history. In the mean time you could run the Primary MNT role on the node that wasn't rebuilt to view the past logs while they gradually come in to sync.