Solved: Re: Log Sizing Calculation for 2.4 TACACS+

umahar · ‎01-09-2019

Anyone recently did Log Sizing Calculation for TACACs on 2.4 using the below link ?

https://community.cisco.com/t5/security-documents/ise-mnt-log-sizing-calculator-for-tacacs-and-radius/ta-p/3636072

I have a few doubts.

Q1. What is the % disk allocation for logs on 2.4 ? I am struggling to find it documented.

Q2. Could anyone explain the formula for MnT Log Allocation - .2*.8*I9 ?

The below document mentions only 20% is available for 2.0/2.1 and 60% for 2.2. Do we need to account for another 20% usage to introduce .8 in the formula ?

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-1675205073

Q3. Will this formula have to be changed for different ISE versions . eg. use .6*.8*I9 for 2.2 ?

Damien Miller · ‎01-09-2019

I do believe .6 would be the correct value in the equation since comes from the fact that ISE allocates 60% of the provisioned disk. ex, a 1200 GB VM would have approx 700 GB of log storage available to both radius or tacacs .
I then believe .8 acts as the high water mark for log storage, ISE tries to maintain 80% of the 60% as the threshold. So of that 700 GB, there is an 80% high log storage alarm, say around 570 GB. So the effective storage from 1200 GB becomes 570 GB for radius and tacacs combined.

You can see this for yourself if you go to this page on your ise deployment. It gives total DB size if you hover over the bar graph, and then the alarm threshold at around 80%.
https://<ise-server>/admin/#administration/administration_system/administration_system_backup/data_purging

View solution in original post

kthiruve · ‎01-09-2019

Damien is correct. A little background that will help understand better...

Prior to ISE 2.2, in ISE 2.1 the log storage are statically assigned(hard coded) to be 30% for Radius and 20% for TACACS.

The formula you mentioned uses that I believe.

When I realized that, I fought for more dynamic way of allocating log storage independent of the service and hence the new allocation based on the usage be it RADIUS or TACACS upto 60% with 80% watermark. Hope this clarifies.

-Krishnan

View solution in original post

Jason Kunst · ‎01-09-2019

Asked our SMEs to take a look

Damien Miller · ‎01-09-2019

I do believe .6 would be the correct value in the equation since comes from the fact that ISE allocates 60% of the provisioned disk. ex, a 1200 GB VM would have approx 700 GB of log storage available to both radius or tacacs .
I then believe .8 acts as the high water mark for log storage, ISE tries to maintain 80% of the 60% as the threshold. So of that 700 GB, there is an 80% high log storage alarm, say around 570 GB. So the effective storage from 1200 GB becomes 570 GB for radius and tacacs combined.

You can see this for yourself if you go to this page on your ise deployment. It gives total DB size if you hover over the bar graph, and then the alarm threshold at around 80%.
https://<ise-server>/admin/#administration/administration_system/administration_system_backup/data_purging

umahar · ‎01-09-2019

Thanks for detailed response Damien.

Any idea if we should use 60% utilization for 2.4 also ?

Damien Miller · ‎01-09-2019

I just took a look, 2.2, 2.3, and 2.4 all have the same database storage breakdown, 60% of underlying provisioned disk.

kthiruve · ‎01-09-2019

Damien is correct. A little background that will help understand better...

Prior to ISE 2.2, in ISE 2.1 the log storage are statically assigned(hard coded) to be 30% for Radius and 20% for TACACS.

The formula you mentioned uses that I believe.

When I realized that, I fought for more dynamic way of allocating log storage independent of the service and hence the new allocation based on the usage be it RADIUS or TACACS upto 60% with 80% watermark. Hope this clarifies.

-Krishnan

umahar · ‎01-10-2019

Thank You everyone for your prompt responses.