Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2808
Views
10
Helpful
3
Replies

ISE Services monitoring with ERS / REST API

prathapss
Level 1
Level 1

‎03-23-2021 09:13 AM

Is there a way to monitor the ISE node services such as the application server using ERS / REST API.

0 Helpful
3 Replies 3

Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-23-2021 10:56 AM

AFAIK this is not supported.  IMO this would be a great feature request item (if not already road mapped).  Dont forget you can setup ISE alarms for this specific concern via PAN GUI (see alarm settings; specifically process down and/or system health category).  Also, I suggest taking a peek at the online SDK if you have not already done so to see API capabilities/use cases.  <https://<pan ip>:9060/ers/sdk#>.  HTH!

0 Helpful

Marcelo Morais
VIP
VIP

‎03-23-2021 11:19 AM

Hi @prathapss ,

 please take a look at the following: Monitoring Application Server Status in ISE. (to add more info about monitoring ISE Services).

 

Hope this helps !!!

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎03-24-2021 11:37 AM

You aren't very specific about "node services".

 

The closest thing available I think to what you are asking for is deploymentinfo/getAllInfo :

curl \
--location \
--insecure \
--include \
--header 'Accept: application/json' \
--user $ise_rest_username:$ise_rest_password \
--request GET https://ise.securitydemo.net:9060/ers/config/deploymentinfo/getAllInfo

Note that this request typically takes 10-12 seconds for me using a standalone ISE node because it is gathering all kinds of random information - LOTS OF INFORMATION - which you would then need to parse with jq or other scripts. See the attached doc for the output from my ISE node. This is not something I recommend doing very frequently for monitoring but you asked if there was a way. I have not tested it on a Medium or Large deployment.

Load balancers will test using synthetic transactions for RADIUS. You could also script something in Python. Easiest is with probes from your network devices:

username radius-probe password 0 C1sco12345

radius server ISE01
  address ipv4 198.18.133.27 auth-port 1812 acct-port 1813
  automate-tester username radius-probe ignore-acct-port probe-on
  key C1sco12345

 

For guest portals you can do simple HTTP/S GET's to the portal URL:

image.png

which will give you something like:

https://ise.securitydemo.net:8443/portal/PortalSetup.action?portal=d334b5db-a373-4690-84d7-f17c45933d89

then you can do

curl \
--insecure \
--include \
https://ise.securitydemo.net:8443/portal/PortalSetup.action?portal=d334b5db-a373-4690-84d7-f17c45933d89

HTTP/1.1 200  <== in the header

 

 

Preview file
45 KB
Customers Also Viewed These Support Documents