Showing results for 
Search instead for 
Did you mean: 

ISE logging filter


Hi all,


we noticed that our operational backup is now up to 25GB large, which is too large from our perspectiv. After some research we found out, that with deploying DNA Center, the amount of authorization log data incrises rapidly. This is because DNAC is collecting a lot of show outputs, when you enable device controlability. This kind of logs have no benefit to us, so we want to implement a filter, which drops all authorization logs from a special user starting with "show". Does someone know, if this is possible and how to configure such a filter?


Best regards,


1 Reply 1

Damien Miller
VIP Advisor VIP Advisor
VIP Advisor

Most deployments don't back up the operational logs and just accept that in the event of monitoring node failures they just lose the historical logging. Most send the syslogs they want to something like splunk anyways. Losing the operation logs is an admin impact, and not a functional one. 


You can filter your TACACS/RADIUS logs in the way you want by setting up a collection filter. You can do this from administration > logging > collection filters.

https://<ise admin ip>/admin/#administration/administration_system/administration_system_logging/collection_filters


TACACS filtering will only work if you are on ISE 2.4p6+ or 2.6+.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: