Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3133
Views
16
Helpful
13
Replies

ISE Logs too slow

manvik
Level 3
Level 3

‎05-27-2022 02:23 AM

ISE logs tooooo slow, it keeps showing "fetching records" for tacacs, radius, alrm logs etc

deployment is a simple one with DC & DR nodes

MNT, ADM, monito are all in one node

Labels:
0 Helpful
13 Replies 13

ahollifield
VIP
VIP

‎05-27-2022 05:26 AM

Version?  Are you within the scale limits for a standalone deployment?  VM or appliance?

https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html

0 Helpful

manvik
Level 3
Level 3
In response to ahollifield

‎05-27-2022 05:58 AM

ISE 3.1 patch 3

VM

new installation

2 node standalone

concurrent tacacs auth 200 devices. Total 400 devices

0 Helpful

ahollifield
VIP
VIP
In response to manvik

‎05-27-2022 06:12 AM - edited ‎05-27-2022 06:12 AM

Do you have the proper VM resources allocated? Also, are you seeing any alarms on the dashboard for disk read/write speeds?

https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/install_guide/b_ise_InstallationGuide31/b_ise_InstallationGuide31_chapter_2.html#hardware-virtual-appliance-req

0 Helpful

manvik
Level 3
Level 3
In response to ahollifield

‎05-27-2022 06:24 AM

yes 32 GB RAM and 16 CPU

There was a "queue link error timeout" between DC and DR in the Alarma

0 Helpful

ahollifield
VIP
VIP
In response to manvik

‎05-27-2022 04:46 PM

That is related to the ISE messaging service (how logs are transferred between nodes) and is likely the cause of your issue.  Re-generate the ISE Root CA and then the ISE messaging certificate for all nodes.  

0 Helpful

Marcelo Morais
VIP
VIP
In response to manvik

‎05-27-2022 06:19 PM

Hi @manvik ,

 if my understanding is correct, at Home > Alarms dashboard, you have a Queue Link Error, am I correct?

 If the answer is yes, could you please:

1. click the Queue Link Error link

2. take a PrtScr of the new window (generated by the Queue Link Error link)

 

Regards

thomas
Cisco Employee
Cisco Employee

‎05-28-2022 08:35 AM

Please see How to Ask The Community for Help to provide the community with enough details to help you in the future.

0 Helpful

manvik
Level 3
Level 3

‎06-06-2022 04:26 AM

Alarm says; Queue Link Error: Message=From DR ISE to DC ISE; cause=Timeout

I removed DR ISE from the cluster, now there no delay in logs.

0 Helpful

ahollifield
VIP
VIP
In response to manvik

‎06-06-2022 05:04 AM - edited ‎06-06-2022 05:04 AM

Timeouts typically indicate the ISE messaging port TCP/8671 is not allowed through the firewall.  

0 Helpful

Marcelo Morais
VIP
VIP
In response to manvik

‎06-06-2022 06:37 AM

Hi @manvik ,

 please take a look at the following document: ISE - Queue Link Error.

 

Hope this helps !!!

manvik
Level 3
Level 3

‎06-09-2022 05:31 AM

thank you @ahollifield @Marcelo Morais 

the ports are open between both ISE nodes. I removed DR ISE from cluster slowness disappeared.

Again added DR ISE to cluster, now the logs are slow again.

I get the attached error now.

queErrors.JPG

ahollifield
VIP
VIP
In response to manvik

‎06-09-2022 08:08 AM

Unknown CA.  You need to re-generate the ISE root CA and then the ISE Messaging certificates on all nodes.

0 Helpful

adamscottmaster2013
Level 3
Level 3

‎06-09-2022 08:22 AM

I run into this issue before.  To resolve it, I did:

 

1- Administration --> Logging --> Log settings

Uncheck the box "Use "ISE Messaging Service" for UDP Syslogs delivery to MnT" 

 

I think that will resolve your issue. 

Customers Also Viewed These Support Documents