02-03-2016 04:56 AM
Hi All, we have a financial customer who is looking at deploying ISE for 60K concurrent endpoints with 2 x Admin, 2 x MnT and 8 x PSNs. They would like to get some guidance on sizing for additional storage for retaining the logs for up to 7 years. I know it all depends on Auth rate, reauth and etc. Based on our engagements with financial customers, please can we provide some guidance on the order of magnitude for required storage. i.e. 100GB or 1TB per year
Regards, CK
02-03-2016 06:12 AM
You would need to send the logs through syslog to a SIEM environment.
ISE can only support 2TB of storage on a single VM and in your case of 60,000 endpoints that is equal to about 250 Days worth of logs, ISE would not be able to hold 7 years worth of logs, nor would it be a good idea as ISE is not built to be a log storage device.
02-03-2016 07:03 AM
Yes, all the ISE Radius logs will be sent to an external log server via Syslog. If we are only looking at Radius, are we still looking at 2TB for 250 Days of logs for 60K endpoints?
02-04-2016 12:38 PM
That is really dependent on the SIEM product you are using and if or how much it compresses the data.
02-03-2016 05:15 PM
Here is the link for ISE 1.3 for log sizing. You can find this for other versions of ISE as well.
-Krishnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide