Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2356
Views
21
Helpful
4
Replies

Ignoring Logged Messages in Radius Live logs for test user

Go to solution
ShaunGreen
Level 1
Level 1

‎11-05-2020 08:26 AM

Hi All,

 

I have the following commands to test that the ISE-PSN is up and responding. When it drops, then dot1x fails over to the Critical access policy.

 

radius server xxx-PSN
address ipv4 10.x.x.x auth-port 1812 acct-port 1813
automate-tester username test-user idle-time 1
key 7 xxxxx

 

That works fine, but the only problem I have is the amount of logs I see in the Radius live logs.

 

Capture.PNG

 

Is there a way to ignore these logs messages, or is there a better way of doing it?

 

Thanks, Simon

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Massimo Baschieri
Level 3
Level 3
In response to martin.fischer

‎11-05-2020 09:09 PM

Or you can add the prode-on option, this way the probes are sent only when primary radius fails.

 

View solution in original post

Go to solution
martin.fischer
Level 1
Level 1

‎11-06-2020 01:00 AM

Hi @ShaunGreen 

For the command 'automate-tester username test-user idle-time 1' you can use the probe-on instead of idle-time.

If you use idle-time then the probes will be sent regularly in the defined interval independent of the server state (UP/DEAD). If you use the probe-on keyword instead, then the probes will only be sent if IOS recognized the server as DEAD.

Check the following document and search for 'Automate-tester Probe-on' for more details:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-731907.html 

 

View solution in original post

4 Replies 4

Go to solution
martin.fischer
Level 1
Level 1

‎11-05-2020 10:12 AM - edited ‎11-05-2020 10:19 AM

Hi @ShaunGreen 

Yes, on ISE go to Administration -> System -> Logging -> Collection Filters. Add an entry with attribute 'User Name', Value = test-user, Filter Type = Filter All.

Go to solution
Massimo Baschieri
Level 3
Level 3
In response to martin.fischer

‎11-05-2020 09:09 PM

Or you can add the prode-on option, this way the probes are sent only when primary radius fails.

 

Go to solution
ShaunGreen
Level 1
Level 1
In response to Massimo Baschieri

‎11-05-2020 11:29 PM

Hi @Massimo Baschieri ,

Sorry my ISE skills aren't fantastic, I'm still building my knowledge up, could you please provide a few more details with regard to adding the probe-on option?

0 Helpful

Go to solution
martin.fischer
Level 1
Level 1

‎11-06-2020 01:00 AM

Hi @ShaunGreen 

For the command 'automate-tester username test-user idle-time 1' you can use the probe-on instead of idle-time.

If you use idle-time then the probes will be sent regularly in the defined interval independent of the server state (UP/DEAD). If you use the probe-on keyword instead, then the probes will only be sent if IOS recognized the server as DEAD.

Check the following document and search for 'Automate-tester Probe-on' for more details:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-731907.html 

 

Customers Also Viewed These Support Documents