04-16-2019 05:45 AM
My ISE database has increased the usage of the application has began to ramp up so obviously my backups are growing large. Currently I am backing up operational once a week and configuration daily. Is this too much? My daily's are about 1.5G and the operational is about 10G. Is there a way to manage the retention within ISE? Like say only keep 3 days worth, or do I need to create a batch script to purge these?
Solved! Go to Solution.
04-16-2019 06:14 AM
I don't backup the operational database on any of my customers. We usually rely on external log destinations for long term data retention of log data. If I need to rebuild ISE I am only worried about recovering the configuration data. I usually backup the ISE configuration once a week. There is no retention policies in ISE so you need to setup cron jobs on your backup server to manage the ISE backup retention.
04-16-2019 06:14 AM
I don't backup the operational database on any of my customers. We usually rely on external log destinations for long term data retention of log data. If I need to rebuild ISE I am only worried about recovering the configuration data. I usually backup the ISE configuration once a week. There is no retention policies in ISE so you need to setup cron jobs on your backup server to manage the ISE backup retention.
04-16-2019 06:24 AM - edited 04-16-2019 06:41 AM
I'm with Paul, we don't back up any of the RADIUS/TACACS logs within customer deployments either. Something like splunk is the long term storage. Not to say we have never done it, I once rebuilt a MNT and took a one time backup to restore. It works, it just took forever.
Edit: you can probably ignore this, realized you were asking about backup file retention. Sadly a missing feature in ise.
By default ISE keeps 30 days of RADIUS and TACACS logs. You can manage the retention of that in the Operational Data Purging menu. If you reduce the time here, you will inhibit the ability to run historical reports. So you could change this to 3 days, but sometimes a week of logs is helpful for troubleshooting, I wouldn't go that short.
https://<ise pan IP>/admin/#administration/administration_system/administration_system_backup/data_purging
04-16-2019 03:12 PM
I also don't advocate Operational Backups since I have never had the need for it (nor do my customers). The authentication records get stored on a SYSLOG server somewhere.
I am also still annoyed with the size of Config Backups because they contain more than just configs. If you're curious then pick one of those file apart and see what junk lies inside. But we have no choice. And ISE doesn't do any housekeeping of its backups either. So I devised my own method, assuming your backups live on a Linux host
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide