Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1624
Views
5
Helpful
1
Replies

ISE purging rules

robertwilkinson1
Level 1
Level 1

‎01-25-2018 10:04 AM - edited ‎02-21-2020 10:44 AM

Is there a way to set a purge rule based on when an object is added to an identity group?  Basically purge x days after added to group y?

What I am running into is I can create a rule that says in group x purge when elasped days greater than X.  Problem is some devices were already in ISE prior through profiling before added to that group so it sees that initial profile date as the date it uses to purge.

Labels:
0 Helpful
1 Reply 1

ajc
Level 7
Level 7

‎01-26-2018 01:28 PM

The answer is NO. I have been working with TAC trying to remove the significant amount of useless data in the Context Visibility and Oracle DB of ISE (both are not the same but they sync) and the only thing we can do is remove the entries x endpoint group based on the elapsed days.

 

There is also a 10,000 endpoint purge limit which is coded into ISE platform properties. This process runs continuously until the whole data matching the purge policy is deleted so it can take more than a hour.

 

grep 'Purge' platform.properties profiler.endPointsPurgeIntervalSec=300 <ucsSmall>.profiler.maxEndPointsPerPurge=10000 <ucsLarge>.profiler.maxEndPointsPerPurge=10000 <sns3515>.profiler.maxEndPointsPerPurge=10000 <sns3595>.profiler.maxEndPointsPerPurge=10000 <ibmSmallMedium>.profiler.maxEndPointsPerPurge=10000 <ibmLarge>.profiler.maxEndPointsPerPurge=10000

Customers Also Viewed These Support Documents