Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3594
Views
5
Helpful
3
Replies

Live Logs Missing 'No Data Found' ISE Version 2.4 Patch 11

Go to solution
JohnOnyeyiri86132
Level 1
Level 1

‎10-29-2020 11:41 AM

Experiencing a sporadic issue  where live logs goes missing in our ISE deployment for my organization. We are running 2.4 Patch 11 version. The usual precursor to this issue is the Warning - Health Status Unavailable on all the nodes in our deployment.

 

Is there any bug related to this or are there any troubleshooting steps for this kind of issue?

 

I already have a case open with TAC they have collected System Bundles and Debugs from the Primary MNT.

 

Really puzzled as this just started happening over the last 3 weeks. The only major change we've had in my environment for  that time frame is the changing the IP and VLAN of our secondary nodes and on one of our PSNs 

Preview file
24 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to JohnOnyeyiri86132

‎11-02-2020 07:53 PM

There is no ISE messaging service in 2.4, so you won't have the possibility to see the Queue Link Error unless you are on 2.6p2+/2.7/3.0. You're pre feature, but keep an eye out for it, it's a common post upgrade issue to address with new certs. 

 

I had a customer with 2.4 live log issues, they have since moved to 2.7p2, but it was related to the sessions directory memory size.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs53030

 

Hopefully TAC can help you out with the case, or they have already. In the mean time you could confirm that TCP syslog is disabled, it has been known to cause issues in the past. 



View solution in original post

3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-29-2020 11:52 AM - edited ‎10-29-2020 11:53 AM

AFAIK there have been a few bugs relating to your issue.  Do you also get queue link alarms? If so, one specific bug that I encountered that relates to your issues with no live logs for both radius and t+, and no system summary health status available is here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp45528/?rfs=iqvred

Note that I encountered this bug on 2.7p2 & the workaround fixed my issues.  HTH!

0 Helpful

Go to solution
JohnOnyeyiri86132
Level 1
Level 1
In response to Mike.Cifelli

‎10-29-2020 12:03 PM

Thanks for the reply, Mark & no I do not receive a 'Queue Link Error' on any of the nodes. I'll try and look through the bug search tool to see if I find any that match my current issue.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to JohnOnyeyiri86132

‎11-02-2020 07:53 PM

There is no ISE messaging service in 2.4, so you won't have the possibility to see the Queue Link Error unless you are on 2.6p2+/2.7/3.0. You're pre feature, but keep an eye out for it, it's a common post upgrade issue to address with new certs. 

 

I had a customer with 2.4 live log issues, they have since moved to 2.7p2, but it was related to the sessions directory memory size.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs53030

 

Hopefully TAC can help you out with the case, or they have already. In the mean time you could confirm that TCP syslog is disabled, it has been known to cause issues in the past. 



Customers Also Viewed These Support Documents