03-31-2024 11:21 PM
In Ise version 3.3 there is a feature of System 360 that includes Monitoring and Log Analytics, with elk monitoring , I want to fetch the radius accounting logs for the last 90 days. Will this feature be able to fetch logs of last 90 days and if not , then logs of how many days can be retrieved using this feature?
Solved! Go to Solution.
04-01-2024 04:15 AM
No, log analytics only has a 7 day retention time.
04-01-2024 01:52 PM
@jagritibhardwaj471 - I was also surprised to learn that Log Analytics only retains 7 days (I guess I should read that link in more detail) - perhaps the answer lies in the Data Connect feature (ODBC/JDBC) to fetch data from the MNTs using SQL queries.
Administration > System > Data Connect
There are SQL tools like SQuirreL SQL Client Home Page (sourceforge.io) or Download SQL Server Management Studio (SSMS) - SQL Server Management Studio (SSMS) | Microsoft Learn to visually inspect and fetch data from the ISE database when Data Connect is enabled.
04-01-2024 03:02 AM
As per the i know ISE 3.3 Log analytics - how the system performing - check the admin guide - System 360
check the data retained as mentioned in the document.
04-01-2024 04:15 AM
No, log analytics only has a 7 day retention time.
04-01-2024 01:52 PM
@jagritibhardwaj471 - I was also surprised to learn that Log Analytics only retains 7 days (I guess I should read that link in more detail) - perhaps the answer lies in the Data Connect feature (ODBC/JDBC) to fetch data from the MNTs using SQL queries.
Administration > System > Data Connect
There are SQL tools like SQuirreL SQL Client Home Page (sourceforge.io) or Download SQL Server Management Studio (SSMS) - SQL Server Management Studio (SSMS) | Microsoft Learn to visually inspect and fetch data from the ISE database when Data Connect is enabled.
04-01-2024 09:38 PM
That means the only way to collect last 90 days radius accounting logs is via data connect ?? But in my case , we are working with Ise release 2.7 and data connect is a feature for versions starting from release 3.2 . Does that conclude that we have no other way to collect historic radius accounting logs apart from data connect ?
04-02-2024 03:35 AM
04-02-2024 04:43 AM
Actually my purpose is to collect the radius accounting logs of last 90 days , we have to generate reports according to that .
04-02-2024 05:15 AM
Why? What value would RADIUS accounting give you? What exactly are you looking for in the accounting logs?
04-02-2024 05:18 AM
My bad I was actually looking to get radius authentication logs and not radius accounting logs.
04-02-2024 05:52 AM
04-02-2024 06:18 AM - edited 04-02-2024 01:19 PM
Stay away from Splunk. It is an overprice product.
ElasticSearch is a good product, free because it is an opensource. You can purchase support if needed, so much cheaper than Splunk. Elastic Search is also running in Cisco ISE. If it is good enough for Cisco, it is good enough for most enterprise environment. Very easily deployed in AWS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide