Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
966
Views
0
Helpful
1
Replies

Triggers for Slow Replication Alarms

Go to solution
Marcelo Morais
VIP
VIP

‎09-02-2022 05:09 PM - edited ‎09-02-2022 05:11 PM

ISE Slow Replication Alarm has the following Message Code and Slow Replication severity:

60150 for INFO
60151 for WARN
60152 for ERROR

If I'm not mistaken, the values were (a long time ago):

1st if the replication backlog hits 1,000,000 Messages, the Node will be disconnected and require a manual resync !!!

2nd ERROR: ISE Node not consuming replicated messages for more than 300 min

3rd WARN: ISE Node not consuming replicated messages between 180 - 300 min

4th INFO: ISE Node not consuming replicated messages between 60 - 180 min

Does anyone know the new values in ISE 2.7+?

Thanks !!!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP

‎09-22-2022 10:36 AM

After many tests, the result ...

There are 3 Events that triggers at a certain threshold level when messages for a specific Node has queued up beyond a safe level. They are triggered based on the Pending Messages and how long an ISE Node is not consuming replicated messages:
. INFO greater than 15K totalPendingMsgCount & greater than 15 min totalTimeDiffInMinutes
. WARNING greater than 20K totalPendingMsgCount & greater than 15 min totalTimeDiffInMinutes
. ERROR greater than 40K totalPendingMsgCount & greater than 15 min totalTimeDiffInMinutes

You are able to check this info at PAN CLI using the following command:

ise/admin# show logging application deployment.log
...
2022-09-22 10:49:37,031 INFO [Deployment-RegistrationPoller][] cpm.infrastructure.deployment.notifier.NodeChangeLogger -::::- Sequence details for host <PSN HOSTNAME> replicationStatus[SYNC COMPLETED] primarySequenceCount[784116890] primaryTimeInMins[27730909] currentTimeInMins[27730909] firstUnconsumedPrimarySeqTime[ 27730874] secondarySequenceCount[784064628] secondaryTimeInMins[27730909] totalPendingMsgCount[52262] totalTimeDiffInMinutes [35]
...
2022-09-22 10:49:37,115 INFO [Deployment-RegistrationPoller][] cpm.infrastructure.deployment.notifier.NodeChangeLogger -::::- Slow replication Critical level alarm will be generated for host <PSN Hostname>
message : Node <PSN Hostname> has slow replication since this node is not consuming messages for past 35 minutes. The number of pending messages are 52262
...

Note: you are able to check the INFO, WARNING and ERROR at ISE GUI Alarms, but at ISE CLI the reference are INFO, WARN and CRITICAL, for ex.:

...
Inside logAuditMessages to raise slow replication alarm with level [CRITICAL] for node [<PSN Hostname>]
...
Inside logAuditMessages to raise slow replication alarm with level [WARN] for node [<PSN Hostname>]
...
Inside logAuditMessages to raise slow replication alarm with level [INFO] for node [<PSN Hostname>]
...

Hope this helps !!!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marcelo Morais
VIP
VIP

‎09-22-2022 10:36 AM

After many tests, the result ...

There are 3 Events that triggers at a certain threshold level when messages for a specific Node has queued up beyond a safe level. They are triggered based on the Pending Messages and how long an ISE Node is not consuming replicated messages:
. INFO greater than 15K totalPendingMsgCount & greater than 15 min totalTimeDiffInMinutes
. WARNING greater than 20K totalPendingMsgCount & greater than 15 min totalTimeDiffInMinutes
. ERROR greater than 40K totalPendingMsgCount & greater than 15 min totalTimeDiffInMinutes

You are able to check this info at PAN CLI using the following command:

ise/admin# show logging application deployment.log
...
2022-09-22 10:49:37,031 INFO [Deployment-RegistrationPoller][] cpm.infrastructure.deployment.notifier.NodeChangeLogger -::::- Sequence details for host <PSN HOSTNAME> replicationStatus[SYNC COMPLETED] primarySequenceCount[784116890] primaryTimeInMins[27730909] currentTimeInMins[27730909] firstUnconsumedPrimarySeqTime[ 27730874] secondarySequenceCount[784064628] secondaryTimeInMins[27730909] totalPendingMsgCount[52262] totalTimeDiffInMinutes [35]
...
2022-09-22 10:49:37,115 INFO [Deployment-RegistrationPoller][] cpm.infrastructure.deployment.notifier.NodeChangeLogger -::::- Slow replication Critical level alarm will be generated for host <PSN Hostname>
message : Node <PSN Hostname> has slow replication since this node is not consuming messages for past 35 minutes. The number of pending messages are 52262
...

Note: you are able to check the INFO, WARNING and ERROR at ISE GUI Alarms, but at ISE CLI the reference are INFO, WARN and CRITICAL, for ex.:

...
Inside logAuditMessages to raise slow replication alarm with level [CRITICAL] for node [<PSN Hostname>]
...
Inside logAuditMessages to raise slow replication alarm with level [WARN] for node [<PSN Hostname>]
...
Inside logAuditMessages to raise slow replication alarm with level [INFO] for node [<PSN Hostname>]
...

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents