Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
708
Views
0
Helpful
1
Replies

Monitoring the ISE Deployment

gtilburg
Cisco Employee
Cisco Employee

‎02-08-2016 04:54 AM

Hi,

Our customer recently had some problems some PSNs in their ISE 1.3 deployment and didn't realize for quite some time.

They are now looking for the best way to monitor their deployment. I have not been able to find a full best practice around monitoring ISE deployments.

Info I have found:

http://pmbuwiki/Products/ISE/Technical/Design-Config/Monitoring#Appliance.c2.a0Monitoring

which contains:

- Syslog setup: How to configure, not what to configure.

- SNMP MIBs: Some info on the appliance/VM resources, but nothing on the ISE services availability.

- UCS/NAC appliance monitoring: Again looking at the appliance, but not the ISE services.

Basically I am looking for an ideal monitoring configuration:

We would configure a syslog server as remote logging target, but would to understand which Logging category to enable to send useful information about the status of the ISE deployment to the syslog server.

Any recommendations which Logging Categories to enable?

Secondly, is there a way to tune the Message Catalog to make sure some logs are sent to the syslog server?

Some Messages which are interesting are considered Debug and are therefore not triggered when the general Logging Category is set to Warn or Info.

Regards

Gert

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎02-10-2016 10:32 PM

If you want the general system health, then add your remote syslog target to "System Statistics".

As you can see, the events are divided into categories and we may designate a syslog target receiving only a subset of categories. We usually want to keep the default severity and only temporarily set a category to higher for debugging purposes.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents