Solved: ISE maximum logging time / data retention

Johannes Luther · ‎03-23-2016

Hi community,

If I understand the ISE deployment guides correctly, the amount of history data within the MNT depends on

The available disk space on the MNT node
The number of endpoints

Is there a way to limit the days of logging? For example I want to enforce that the MNT node only stores data for the last 30 days?

I don't know if this is only a topic in my country - but this is a regular requirement by the data protection guys.

nspasov · ‎03-24-2016

My apologies I misread/misunderstood your original post/question. Thank you for clarifying it for me. It sounds like you need to alter the settings under:

Administration > System > Maintenance >Data Purging.

I hope that is what you are looking for! :)

Thank you for rating helpful posts!

View solution in original post

Nadav · ‎11-15-2018

In case anyone is still interested in the answer:

To see reports older than 30 days, you must perform a filter. One of the criteria is "Logged at" which allows you to set a date and time for both start and end data of the result set. For example, you can pick from 01/01/2018 1AM to 03/03/2018 5PM.

View solution in original post

nspasov · ‎03-23-2016

Hi Johannes-

You con can control the historic logs from Administration > System > Logging > Local Log Settings. There you can set the required retention policy. Of course, if the system will auto delate the oldest logs if the disk(s) become full.

In the same section you can also configure ISE to send its logs to a remote system for greater retention history.

I hope this helps!

Thank you for rating helpful posts!

Johannes Luther · ‎03-23-2016

Hello Neno,

thank you for the fast reply.

If I understand the "Local Log Settings" correctly this does not influence the data for reports and endpoint logging on the MNT node.

The default value of this setting is 1 day. So it cannot influence the data seen in reports. Currently I can go back for more than 120 days in the reports.

So that's obviously not it - sorry :)

nspasov · ‎03-24-2016

My apologies I misread/misunderstood your original post/question. Thank you for clarifying it for me. It sounds like you need to alter the settings under:

Administration > System > Maintenance >Data Purging.

I hope that is what you are looking for! :)

Thank you for rating helpful posts!

Johannes Luther · ‎03-24-2016

Hi Neno,

no apologies - at least someone answers :)

And yes, that in fact to correct switch. It's so easy and I was too dumb finding it. Shame on me!

By the way. The functionality may be verified in the report: Deployment status > Data Purging Audit

Thank you so much!

nspasov · ‎03-24-2016

No worries. ISE is like a Swiss Army Knife...there are so many settings and knobs to turn that it is easy to miss something :) And the product continues to expand so it is only getting worse :)

You are most welcome!

Best Regards!

Neno

Dominic Stalder (old profile) · ‎01-03-2017

Hi Johannes

sorry if I interrupt your old discussion about ISE operational data retention, but I have a question about it. We have an ISE 2.1 and I already configured the operational data purging time to 365 days, see attachment. But the problem is under Operations > Reports > Endpoint and Users > RADIUS authentications (for example) we can only go back 30 days, it is not possible to show any data older than this (-> I know there is a problem with the custom time range feature, but I think this is not the cause of our problem)

How did you manage to see data older than 120 days in your reports?

Note: reports under Operations > Reports > Guests do show all the 365 days!

Thanks in advance and best regards

Dominic

Nadav · ‎11-15-2018

In case anyone is still interested in the answer:

To see reports older than 30 days, you must perform a filter. One of the criteria is "Logged at" which allows you to set a date and time for both start and end data of the result set. For example, you can pick from 01/01/2018 1AM to 03/03/2018 5PM.