AAA log size estimate

lekang · ‎02-03-2016

Hi All, we have a financial customer who is looking at deploying ISE for 60K concurrent endpoints with 2 x Admin, 2 x MnT and 8 x PSNs. They would like to get some guidance on sizing for additional storage for retaining the logs for up to 7 years. I know it all depends on Auth rate, reauth and etc. Based on our engagements with financial customers, please can we provide some guidance on the order of magnitude for required storage. i.e. 100GB or 1TB per year

Regards, CK

Cory Peterson · ‎02-03-2016

You would need to send the logs through syslog to a SIEM environment.

ISE can only support 2TB of storage on a single VM and in your case of 60,000 endpoints that is equal to about 250 Days worth of logs, ISE would not be able to hold 7 years worth of logs, nor would it be a good idea as ISE is not built to be a log storage device.

lekang · ‎02-03-2016

Yes, all the ISE Radius logs will be sent to an external log server via Syslog. If we are only looking at Radius, are we still looking at 2TB for 250 Days of logs for 60K endpoints?

Cory Peterson · ‎02-04-2016

That is really dependent on the SIEM product you are using and if or how much it compresses the data.

kthiruve · ‎02-03-2016

Here is the link for ISE 1.3 for log sizing. You can find this for other versions of ISE as well.

Cisco Identity Services Engine Hardware Installation Guide, Release 1.3 - Installing ISE on a VMware Virtual Machine […

-Krishnan