Cisco ACS 5.7 User Guide
Managing System Operations and Configuration in the Monitoring and Report Viewer

Viewing Log Collections

Log Collection Details Page

Use this page to view the recently collected log names for an ACS server.

1. From the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Log Collection.
2. Do one of the following:
   - Click the name of an ACS server.
   - Select the radio button of the ACS server name that you want to use to view recently collected logs, and click Get Details.

Note: You can use the refresh symbol to refresh the contents of the page.

Table 4 Log Collection Details Page

Option: Description
- Log Name: Name of the log file.
- Last Syslog Message: Display only. Indicates the arrival time of the most recent syslog message, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
    Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
    Mmm = Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
    dd = A two-digit numeric representation of the day of the month, from 01 to 31.
    hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
    mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
    ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
    timezone = The time zone. In a distributed environment, the timezone displayed for all secondary servers corresponds to the timezone of the server in which the view is active. If your primary instance has a timezone of PDT and the secondary instance is in UTC, the secondary instance displays the timezone and timestamp of syslog messages with PDT, which corresponds to the timezone of the primary instance.
    yyyy = A four-digit representation of the year.
- Last Error: Display only. Indicates the name of the most recent error message.
Table 4 Log Collection Details Page (continued)

Option: Description
- Last Error Time: Display only. Indicates the arrival time of the most recent error message, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
    Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
    Mmm = Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
    dd = A two-digit numeric representation of the day of the month, from 01 to 31.
    hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
    mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
    ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
    timezone = The time zone. In a distributed environment, the timezone displayed for all secondary servers corresponds to the timezone of the server in which the view is active. If your primary instance has a timezone of PDT and the secondary instance is in UTC, the secondary instance displays the timezone and timestamp of syslog messages with PDT, which corresponds to the timezone of the primary instance.
    yyyy = A four-digit representation of the year.
- Back: Click to return to the Log Collection page.
- Refresh: Click to refresh the data in this page.

Related Topic
Viewing Log Collections, page 7

Recovering Log Messages

The ACS server sends syslog messages to the Monitoring and Report Viewer for activities such as passed authentication, failed attempts, authorization, accounting, and so on. The syslog messages have a sequence number attached. If the Monitoring and Report Viewer goes down or is not able to receive messages from ACS, the Monitoring and Report Viewer retrieves the missed logs from ACS using the logging recovery mechanism.

The Monitoring and Report Viewer processes the syslog messages and identifies any discrepancies in the sequence. In this way, it finds the messages that have been missed. The Monitoring and Report Viewer then notifies the ACS server to resend the missing log messages. The ACS server processes the messages stored in its local store and resends them to the Monitoring and Report Viewer.

Note: For the Recovering Log Messages feature to work as desired, you must enable the Log to Local Target option for the relevant logging categories in ACS under System Administration > Configuration > Log Configuration > Logging Categories > Global.

To enable Recovering Log Messages, from the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Log Message Recovery.
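The sequence-number recovery described under Recovering Log Messages can be modelled as follows. This is an added example, not code from ACS or from the Cisco guide: the function names, the integer sequence model and the "one batch per scheduled run" assumption are hypothetical, and only the 1000 default and 9999 maximum for entries re-sent at a time come from this guide.

```python
# Added example: sequence-gap detection and batched resend planning.
# Function names and the integer sequence model are assumptions, not ACS code.

DEFAULT_RESEND_LIMIT = 1000   # default "missing entries re-sent at a time" (from the guide)
MAX_RESEND_LIMIT = 9999       # maximum value for that setting (from the guide)


def missing_ranges(received, expected_first):
    """Return inclusive (first, last) ranges of sequence numbers never received.

    Tolerates duplicates and out-of-order arrival. Loss after the highest
    number seen stays invisible until a later message arrives.
    """
    gaps = []
    expected = expected_first
    for seq in sorted(set(received)):
        if seq < expected:
            continue                      # before the window being checked
        if seq > expected:
            gaps.append((expected, seq - 1))
        expected = seq + 1
    return gaps


def resend_batches(gaps, limit=DEFAULT_RESEND_LIMIT):
    """Split gaps into resend requests of at most `limit` entries each."""
    if not 1 <= limit <= MAX_RESEND_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_RESEND_LIMIT}")
    batches, current, room = [], [], limit
    for first, last in gaps:
        while first <= last:
            take = min(room, last - first + 1)
            current.append((first, first + take - 1))
            first += take
            room -= take
            if room == 0:                 # this recovery run is full
                batches.append(current)
                current, room = [], limit
    if current:
        batches.append(current)
    return batches


def recovery_minutes(gaps, limit, run_every_minutes):
    """Minutes of scheduled runs needed, assuming one batch per run."""
    return len(resend_batches(gaps, limit)) * run_every_minutes


if __name__ == "__main__":
    # Constructed sample: 4, 6 and 9-11 were missed; 8 arrived twice, 5 late.
    seen = [1, 2, 3, 7, 8, 5, 8, 12]
    gaps = missing_ranges(seen, expected_first=1)
    print(gaps)
    print(resend_batches(gaps, limit=2))
    # Constructed 2500-message outage recovered with the default limit.
    print(recovery_minutes([(1001, 3500)], DEFAULT_RESEND_LIMIT, 5))
```

The last call shows why the per-run limit and the run interval together bound how long authentication and accounting records can be absent from the viewer after an outage.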
Table 5 Log Message Recovery Page

Option: Description

Log Message Recovery Option
- On: Enable the log message recovery feature.
- Off: Disable the log message recovery feature.

Configure Log Message Recovery Intervals
- Run Every Minute(s): Set the interval, in minutes, at which the recovery should happen.
- Run Every Hour(s): Set the interval, in hours, at which the recovery should happen.

Configure Missing Entry count to be re-sent by Collector
- No. of Missing Entries to be re-sent by Collector during recovery at a time: Maximum number of missing entries that can be sent by the ACS server at a time. The default limit is 1000 and the maximum limit is 9999. If you set a value higher than this, ACS performance might go down.

Note: View logging recovery will not retrieve the missed logs when the View Logging Recovery feature is disabled and the view is down.

Viewing Scheduled Jobs

Use this page to view the scheduled jobs. From the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Scheduler.

Table 6 Scheduler Status Page

Option: Description
- Name: Display only. Name of the job.
- Type: Display only. Type of associated job; for example, Incremental Backup Utility, Session Termination, DB Aggregation Event, Database Purge Utility, and so on. This list includes both system- and user-defined jobs.
- Owner: Display only. Owner of the associated job: System.
- Last Run Time: Display only. Time of the associated job, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
    Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
    Mmm = Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
    dd = A two-digit numeric representation of the day of the month, from 01 to 31.
    hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
    mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
    ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
    timezone = The time zone.
    yyyy = A four-digit representation of the year.
- Last Run Result: Display only. The result of the last run of the associated job.
- Status: Display only. The status of the associated job.
Note: When you change any schedule through the ACS web interface, you must manually restart the Job Manager process for the new schedule to take effect. For more information on the CLI command to restart processes, see CLI Reference Guide for Cisco Secure Access Control System 5.7.

Viewing Process Status

Use this page to view the status of processes running in your ACS environment. From the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Process Status.

Note: You can click the refresh symbol to refresh the contents of the page.

Table 7 Process Status Page

Option: Description
- Process Name: Display only. Name of the process. Options can be:
    Database
    Management (ACS management subsystem)
    Ntpd
    Runtime (ACS runtime subsystem)
    View-alertmanager
    View-collector
    View-database
    View-jobmanager
    View-logprocessor
- Status: Display only. Indicates the status of the associated process.
- CPU Utilization: Display only. Indicates the CPU utilization of the associated process.
- Memory Utilization: Display only. Indicates the memory utilization of the associated process.
- Uptime: Display only. Indicates the time that the process was started successfully, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
    Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
    Mmm = Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
    dd = A two-digit numeric representation of the day of the month, from 01 to 31.
    hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
    mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
    ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
    timezone = The time zone.
    yyyy = A four-digit representation of the year.
Viewing Data Upgrade Status

After you upgrade to ACS 5.7, ensure that the Monitoring and Report Viewer database upgrade is complete. You can do this through the ACS web interface. Refer to the Installation Guide for Cisco Secure Access Control System 5.7 for more information on the upgrade process.

To view the status of Monitoring and Report Viewer data upgrade:

1. From the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Data Upgrade Status.
2. The Data Upgrade Status page appears with the following information:
   - Status: Indicates whether or not the Monitoring and Report Viewer data upgrade is complete.

Note: It is recommended not to upgrade ACS during aggregation time. If you upgrade ACS during the aggregation time, ACS View upgrade will fail.

Viewing Failure Reasons

Use this page to view failure reasons. From the Monitoring and Report Viewer, select Monitoring Configuration > System Configuration > Failure Reasons Editor.

Table 8 on page 13 lists the field in the Failure Reasons page.

Table 8 Failure Reasons Page

Option: Description
- Failure Reasons: Description of the possible failure reasons. Click a failure reason name to open the Failure Reasons Editor page.

Related Topic
Editing Failure Reasons, page 13

Editing Failure Reasons

Use this page to edit failure reasons and include possible resolution steps to assist administrators when they encounter failures.

1. From the Monitoring and Report Viewer, select Monitoring Configuration > System Configuration > Failure Reasons Editor.
2. Click:
   - The name of the failure reason you want to edit.
   - The radio button associated with the failure reason you want to edit, then click Edit.

The Failure Reason Editor Page appears as described in Table 9 on page 14.
Table 9 Failure Reasons Editor Page

Option: Description
- Failure Reason: Display only. The error code and associated failure reason name.
- Description: Enter a free text description of the failure reason to assist administrators; use the text tools as needed.
- Resolution Steps: Enter a free text description of possible resolution steps for the failure reason to assist administrators; use the text tools as needed.

Related Topic
Viewing Failure Reasons, page 13

Specifying E Mail Settings

Use this page to specify the email server and administrator email address. From the Monitoring and Report Viewer, choose Monitoring Configuration > System Configuration > Email Settings.

Table 10 Email Settings Page

Option: Description
- Mail Server: Enter a valid IPv4 or IPv6 email host server.
- Mail From: Enter the email address name that users will see when they receive email from the system.

SNMP Traps

SNMP traps help you to monitor the status of ACS processes. If you do not have access to an ACS server, but want to monitor the ACS processes, then you can request the ACS administrator to configure a MIB browser as an SNMP host in the ACS server. After the MIB browser is configured as an SNMP server in ACS, you can monitor the ACS process status from the MIB browser.

ACS 5.4 sends the following generic system traps if you configure the SNMP host from the ACS CLI:

- Cold start: if the device is reloaded.
- Linkup: when Ethernet interface is up.
- Linkdown: when Ethernet interface is down.
- Authentication failure: if the community strings do not match.

In ACS 5.7, this feature is enhanced to send traps for ACS process status to the SNMP manager if you configure an SNMP host from the ACS CLI. ACS uses the cron job to trigger these traps. After you configure the SNMP host in the ACS CLI, a cron job starts running every minute and monitors the ACS processes. The first time after you configure the SNMP host, separate traps are received in the SNMP server for each process that is running in ACS, irrespective of its status. The administrator can verify that the configured SNMP server is able to receive the traps that are sent from ACS. After that, the traps are sent from ACS only when there is a change in the ACS process status. You can view the SNMP traps using the traps receiver in a MIB browser.

ACS sends traps using the OID of hrSWRunName that belongs to the HOST-RESOURCES MIB and sets the OID value as <ACS PROCESS NAME> - <PROCESS STATUS>. For instance, runtime - running.
The cron job retrieves the ACS process status from the monit binary. ACS 5.7 supports both SNMPv1 and SNMPv2c. ACS sends traps for the following status to the configured SNMP server:

- Process Start (monitored state)
- Process Stop (not monitored state)
- Execution Failed
- Does not exist

In the SNMP server, for every object, a unique object ID is generated and a value is assigned to the OID. You can find the object with its OID value in the SNMP server. The OID value for a running trap is “running,” and the OID value for not monitored, does not exist, and execution failed traps is “stopped.”

To stop ACS from sending SNMP traps to the SNMP server, remove the SNMP configuration from the ACS CLI. This operation stops sending SNMP traps and polling from the SNMP manager.

Configuring SNMP Server to Receive Traps from ACS

To configure an SNMP server to receive traps from ACS:

1. Log in to the ACS CLI using the CLI username and password.
2. Enter config t to enter configuration mode.
3. Enter the command snmp-server host version . For more information on this command, see the CLI Reference Guide for Cisco Secure Access Control System.

Note: You must configure both the host and the community string to send traps from ACS to a configured SNMP host.

The SNMP server is now configured. The configured SNMP host will receive the traps from ACS.

SNMP Traps for Monitoring Disk Utilization

ACS has the following pre-defined partitions:

- /
- /storedconfig
- /var
- /altroot
- /usr
- /opt
- /recovery
- /home
- /storeddata
- /localdisk
- /tmp
- /boot
- /dev/shm

You can also run the show disks command from ACS CLI to view the list of partitions available in ACS. A fresh ACS server does not have all the above partitions and a few partitions may not be available.

ACS 5.7 allows you to send SNMP traps to an SNMP host if any of the above ACS partitions reaches its configured threshold disk utilization value. ACS introduces a new CLI command snmp-server trap dskThresholdLimit to configure the threshold percentage for disk utilization. The threshold value in the above command represents the percentage of the available free space. For example, if you configure the threshold limit as 40, then you will receive a trap as soon as a partition reaches 60% of its disk space. That is, a trap is sent when the configured amount of free space is reached.

After you configure this command from ACS CLI, a cron job starts running every minute and monitors the ACS partitions one by one. If any one of the partitions reaches its threshold limit, then ACS sends a trap to the configured SNMP server with the disk path and the threshold limit value. Multiple traps are sent if multiple partitions reach their threshold limits. You can view the SNMP traps using the traps receiver in a MIB browser.
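An added example (not from the Cisco guide and not ACS code) of how a trap receiver could interpret the process-status and disk-threshold values this section describes. The trap dictionaries, their field names, the function names and the rule of pairing a dskPath trap with the next dskPercent trap from the same source are assumptions; the sample records are constructed.

```python
# Added example: interpreting ACS trap values on the receiving side.
# Record layout, names and the path/percent pairing rule are assumptions.

def parse_process_value(value):
    """Split an hrSWRunName value '<process> - <status>' into its two parts."""
    name, sep, status = value.rpartition(" - ")   # process names may contain '-'
    if not sep or status not in ("running", "stopped"):
        raise ValueError(f"unexpected hrSWRunName value: {value!r}")
    return name.strip(), status


def used_space_at_trap(threshold_free_pct):
    """Used-space percentage at which a free-space threshold fires (40 -> 60)."""
    if not 0 <= threshold_free_pct <= 100:
        raise ValueError("threshold is a percentage")
    return 100 - threshold_free_pct


def triage(traps):
    """Turn trap records into alerts, in arrival order."""
    last_status = {}    # (source, process) -> last reported status
    pending_path = {}   # source -> dskPath waiting for its dskPercent trap
    alerts = []
    for trap in traps:
        src, oid, value = trap["source"], trap["oid"], trap["value"]
        if oid == "hrSWRunName":
            name, status = parse_process_value(value)
            previous = last_status.get((src, name))
            last_status[(src, name)] = status
            if previous is None and status == "running":
                continue              # initial baseline trap for a healthy process
            if previous != status:
                alerts.append((src, "process", name, status))
        elif oid == "dskPath":
            pending_path[src] = value
        elif oid == "dskPercent":
            # Per this guide the trap carries the configured threshold limit,
            # a free-space percentage, so convert it to a used-space level.
            path = pending_path.pop(src, "<unknown partition>")
            alerts.append((src, "disk", path, used_space_at_trap(int(value))))
    return alerts


# Constructed sample records; the process name "view-collector" is illustrative.
SAMPLE_TRAPS = [
    {"source": "10.77.243.144", "oid": "hrSWRunName", "value": "runtime - running"},
    {"source": "10.77.243.144", "oid": "hrSWRunName", "value": "view-collector - running"},
    {"source": "10.77.243.144", "oid": "hrSWRunName", "value": "view-collector - stopped"},
    {"source": "10.77.243.144", "oid": "dskPath", "value": "/boot"},
    {"source": "10.77.243.144", "oid": "dskPercent", "value": 19},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_TRAPS):
        print(alert)
```

Because "not monitored", "does not exist" and "execution failed" all arrive as "stopped", the receiver cannot tell them apart from the trap alone and the process state has to be checked on the ACS server.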
Sample SNMP trap for disk utilization:

    Source: 10.77.243.144
    Timestamp: 48 hours 25 minutes 5 seconds
    SNMP Version: 1
    Enterprise: .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskPath
    Specific: 0
    Generic: enterpriseSpecific
    Variable Bindings:
    ________________________________________
    Name: .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskPath
    Value: [OctetString] /boot

Sample SNMP Trap for the threshold value of particular disk partition:

    Source: 10.77.243.144
    Timestamp: 48 hours 25 minutes 5 seconds
    SNMP Version: 1
    Enterprise: .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskPercent
    Specific: 0
    Generic: enterpriseSpecific
    Variable Bindings:
    ________________________________________
    Name: .iso.org.dod.internet.private.enterprises.ucdavis.dskTable.dskEntry.dskPercent
    Value: [Integer] 19

ACS sends these traps using the OIDs “dskpath” and “dskpercent” that belong to the UCD-SNMP MIB.

When you remove and add an SNMP manager from ACS CLI, you will not receive the traps immediately. You have to wait for at least two minutes after the removal or addition of SNMP manager to receive traps.

You can run the show running config command to view the configured disk threshold limit.

Configuring SNMP Server for Monitoring Disk Utilization

Before you Begin: An SNMP host and the community string must be configured. See Configuring SNMP Server to Receive Traps from ACS, page 15.

To configure an SNMP server to monitor disk partition utilization:

1. Log in to the ACS CLI using the CLI username and password.
2. Enter config t to enter configuration mode.
3. Enter the command snmp-server trap dskThresholdLimit . For more information on this command, see the CLI Reference Guide for Cisco Secure Access Control System.

Note: You must configure both the host and the community string to send traps from ACS to a configured SNMP host.
The SNMP server is now configured to send SNMP traps for monitoring disk utilization.

Configuring SNMP Preferences

You can configure SNMP preferences to authenticate access to MIB objects. The text string that you enter for SNMP preference functions as an embedded password.

To configure SNMP preferences:

1. From the Monitoring and Report Viewer, choose Monitoring Configuration > System Configuration > SNMP Settings. The SNMP Preferences page appears.
2. Enter a password in the SNMP V2 Read Community String field to authenticate MIB objects.
3. Click Submit.

Understanding Collection Filters

You can create collection filters that allow you to filter and drop syslog events that are not used for monitoring or troubleshooting purposes. When you configure collection filters, the Monitoring and Report Viewer does not record these events in the database and thus saves much-needed disk space.

Note: ACS 5.7 supports collecting syslog messages from IPv6 sources.

This section contains the following topics:

- Creating and Editing Collection Filters, page 18
- Deleting Collection Filters, page 18
Creating and Editing Collection Filters

Use this page to create or edit collection filters. To do this:

1. From the Monitoring and Report Viewer, choose Monitoring Configuration > System Configuration > Collection Filters. The Collection Filters page appears.
2. In the Filters area, do one of the following:
   - Click Create to create a collection filter.
   - Check the check box of the syslog attribute that you want to edit, then click Edit.
   - Check the check box of the syslog attribute that you want to delete, then click Delete.
   The Add or Edit Collection Filters page described in Table 11 on page 18 appears.
3. Click Submit.

Table 11 Add or Edit Collection Filters Page

Option: Description
- Syslog Attribute: In the Add Filter page, choose any one of the following syslog attributes:
    NAS IP Address (IPv4 and IPv6 addresses are supported)
    Access Service
    MAC Address
    User
  In the Edit Filter page, this field is Display only.
- Value: Enter the value of the syslog attribute:
    NAS IP Address: Enter the IP address of the NAS that you want to filter.
    Access Service: Enter the name of the access service that you want to filter.
    MAC Address: Enter the MAC address of the machine that you want to filter.
    User: Enter the username of the user you want to filter.

Related Topics
- Creating and Editing Collection Filters, page 18
- Deleting Collection Filters, page 18

Deleting Collection Filters

To delete a collection filter:

1. Choose Monitoring Configuration > System Configuration > Collection Filters. The Collection Filters page appears.