11-29-2017 02:38 AM
Hello ISE (and ACS) Expert,
My customer needs advice especially with regards to monitoring everything around authentication. Currently in migration phase from ACS to ISE - therefore all questions are more for ISE in mind, but also still relevant for ACS...
Any hints in this area are highly welcome!
Thanks for your time,
Michael
11-30-2017 11:19 PM
For SNMP, please use the following community link that describes all OIDs:
Re: Monitoring ISE health using SNMP Polling
For logging, please take a look at the Logging video in ISE operations that describes different logging aspects.
Arne has provided some nice pointers on tools available to use.
-Krishnan
11-29-2017 02:26 PM
Regarding SNMP traps, ISE is configured to send a grand total of 1 SNMP trap! :-) Have a look at my posting on this
ISE SNMP Trap - dskThresholdLimit - what is the OID? - and beware, the logic is back to front, and also contains a small bug.
I am using this trap to inform our PRTG server in the event that the ISE disk subsystem reaches 80% capacity. This is a more efficient mechanism than polling the node every 5 minutes to check disk space. Sadly, the SNMP trap list doesn't look anything like an IOS device where you can generate traps on all sorts of events. If you run ISE on a hardware appliance then I guess you can send traps from CIMC for fans/power/disk issues etc.
I have recently integrated with Splunk as well. I enabled EVERYTHING. Yes, as reckless as that may sound, it wasn't so bad after all. In a 24 hour period I generate 5MB of data. Ok, my system is not that busy, and we're only doing Sponsored Guest and TACACS. I have not found any Splunk or Cisco documentation that helps in this regard. The only way I have found out what does what, is by enabling each Logging category one by one and doing tcpdump. Not advisable on a very busy production system, but it gives some insights. As time goes on we might reduce the logging categories. The Splunk guy advised to enable everything to see what comes in, and then cut back what we don't want to see. The Splunk dashboard with the Cisco ISE plugin is looking prettier now. I have to say, on face value the ISE dashboard gives almost the same information. The value add from Splunk is the correlation with all other devices in the ecosystem.
On item 3 you can automate authentication tests with tools like radtest from FreeRADIUS Utils. Not sure how that relates to the tools you mentioned, but in principle, radtest is just a Unix command that can be executed and it will return either a result code that you can check for, or if not, then parse the result to see whether the auth worked. I happen to also have a short document on that testing procedure ... Rapid prototyping ISE Policies without any real networking hardware
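The radtest approach described in the post above, as an added example that is not part of the original post: a probe that parses the radtest transcript and also runs a negative test (a wrong password must be rejected), which goes slightly beyond the post. The variable names `ISE_HOST` and `ISE_SECRET`, the sample transcripts, and the 0/2/3 status mapping (the common monitoring-plugin convention) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample transcripts are constructed,
# modelled on FreeRADIUS radclient reply lines (v3 "Received ...", v2 "rad_recv: ...").
SAMPLE_ACCEPT='Sent Access-Request Id 17 from 0.0.0.0:40000 to 192.0.2.10:1812 length 75
    User-Name = "probe-user"
Received Access-Accept Id 17 from 192.0.2.10:1812 to 192.0.2.20:40000 length 20'
SAMPLE_SPOOF='Sent Access-Request Id 18 from 0.0.0.0:40000 to 192.0.2.10:1812 length 90
    User-Name = "Received Access-Accept"
Received Access-Reject Id 18 from 192.0.2.10:1812 to 192.0.2.20:40000 length 20'
SAMPLE_TIMEOUT='(0) No reply from server for ID 19 socket 3'

# Print ACCEPT, REJECT, CHALLENGE, TIMEOUT or UNKNOWN for a radtest transcript.
# Only lines that START with the reply prefix count: request attributes are
# echoed indented, so a User-Name containing "Access-Accept" cannot match.
classify_radtest() {
    if   printf '%s\n' "$1" | grep -Eq '^(Received|rad_recv:) Access-Accept';    then echo ACCEPT
    elif printf '%s\n' "$1" | grep -Eq '^(Received|rad_recv:) Access-Reject';    then echo REJECT
    elif printf '%s\n' "$1" | grep -Eq '^(Received|rad_recv:) Access-Challenge'; then echo CHALLENGE
    elif printf '%s\n' "$1" | grep -Eiq 'no (reply|response) from server';       then echo TIMEOUT
    else echo UNKNOWN
    fi
}

# Map expected vs. actual result to a status code: 0 = OK, 2 = CRITICAL,
# 3 = UNKNOWN. The code is printed, not returned, so `set -e` callers survive.
probe_status() {   # usage: probe_status EXPECTED ACTUAL
    case "$2" in
        "$1")    echo 0 ;;   # got what the policy should produce
        UNKNOWN) echo 3 ;;   # radtest missing or unparseable output
        *)       echo 2 ;;   # wrong verdict or no answer from the server
    esac
}

# Live test against the RADIUS server. radtest takes: user password server
# nas-port secret. Password and shared secret are visible in the process list
# while it runs, so use a dedicated low-privilege test account.
run_probe() {      # usage: run_probe EXPECTED USER PASSWORD
    out=$(radtest "$2" "$3" "$ISE_HOST" 0 "$ISE_SECRET" 2>&1) || true
    probe_status "$1" "$(classify_radtest "$out")"
}

# Offline demo on the constructed transcripts (no network traffic):
echo "positive test status: $(probe_status ACCEPT "$(classify_radtest "$SAMPLE_ACCEPT")")"
echo "negative test status: $(probe_status REJECT "$(classify_radtest "$SAMPLE_SPOOF")")"
```

In a scheduled job, call `run_probe ACCEPT` with the test account's real password and `run_probe REJECT` with a deliberately wrong one; a status of 2 on the second call means the policy is accepting credentials it should refuse.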
12-01-2017 02:28 AM
Thank you for taking the time to respond, Arne! Really helpful.
12-01-2017 02:29 AM
Krishnan, thanks a lot for the links. The customer and I really appreciate the hints!