Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1934
Views
0
Helpful
1
Replies

Secondary and Primary monitoring nodes logs replication

Go to solution
SMD28316
Level 1
Level 1

‎06-17-2021 04:37 AM

In the document, it's mentioned that the MnT nodes receive their logs from PSNs and PANs in the deployment, what about the logs in the primary MnT? do they get replicated to the secondary MnT node as well?

 

If I registered a new MnT node in the deployment, does it get a copy of the logs in the Primary MnT node?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP

‎06-17-2021 07:29 AM

Hi @SMD28316 ,

 remember that:

"... the MnT Node is responsible for the logging and reporting functions of ISE. All PSNs will send their logging data to the MnT Node as syslog messages (UDP port 20514).

 When there are two MnT Nodes in an ISE Deployment, all ISE Nodes send their audit data to both MnT Nodes at the same time.

 Upon an MnT failure, all Nodes continue to send logs to the remaining MnT Node. Therefore, no logs are lost. The PAN retrieves all log and report data from the remaining MnT Node, so there is no administrative function loss, either. However, the log database is not synchronized between the Primary and Secondary MnT Nodes. Therefore, when the MnT Node returns to service, a backup and restore of the MnT Node is required to keep the two MnT Node in complete sync..."

 

Hope this helps !!!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marcelo Morais
VIP
VIP

‎06-17-2021 07:29 AM

Hi @SMD28316 ,

 remember that:

"... the MnT Node is responsible for the logging and reporting functions of ISE. All PSNs will send their logging data to the MnT Node as syslog messages (UDP port 20514).

 When there are two MnT Nodes in an ISE Deployment, all ISE Nodes send their audit data to both MnT Nodes at the same time.

 Upon an MnT failure, all Nodes continue to send logs to the remaining MnT Node. Therefore, no logs are lost. The PAN retrieves all log and report data from the remaining MnT Node, so there is no administrative function loss, either. However, the log database is not synchronized between the Primary and Secondary MnT Nodes. Therefore, when the MnT Node returns to service, a backup and restore of the MnT Node is required to keep the two MnT Node in complete sync..."

 

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents