ACS log file size

Unanswered Question
Jun 21st, 2007

ACS 3.3 - RDS logs are growing to incredible sizes - currently just under 4gb per day. Previously it had averaged around 400mb per day.

What would cause this file to grow to this size?

Is there a way to move these or even just turn them off? I don't see a whole lot of "important" information in these files.

I have most of the other files pointing to a different drive, but I don't see anything for changing the location of this log.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
Loading.
jreekers Thu, 06/21/2007 - 08:59

Hi.

I'm not sure why the RDS logs are growing so fast unless debugging has been enabled.

One thing you can do to manage the log file, is to use the logrot utility. Although created initially for Ciscoworks, it should be fine to use with ACS.

Please refer to the link wherein you can download the LOGROT installer. Download the

latest Windows or Solaris version ("logrot -win.zip" or logrot-unix.tar.Z).

http://sourceforge.net/project/showfiles.php?group_id=25401&package_id=79001

Refer to the installation procedure in the readme file (also at that link).

Logrot is not limited to rotating only CiscoWorks log files. You can use logrot to rotate any file you wish. Logrot has some unique features over other log rotation programs:

* Logrot can optionally archive and compress rotated logs

* Logrot can be configured to rotate logs only when they have reached a certain size.

Please let me know if this helps.

-Joe

jreekers Thu, 06/21/2007 - 09:05

Sorry...forgot to answer this part of your question...

If you go into the CiscoSecure ACS Admin screen to the "System Configuration" Menu, check the following:

Under "Service Control":

Make sure the Log File "Level of detail" is set to "Low" and not to "Full". We use Full

logging for debugging.

HTH,

-Joe

mdcole Thu, 06/21/2007 - 09:34

Thanks! I did notice that it was set to "Full" but I'm not sure how it was changed from "Low." I noticed that that stuff isn't logged in the administrative audit.

I think I'm the only user with access to that screen, but I don't recall messing with those settings. Strange.

Do you know if there is a way to point those log files to another directory or drive? I only have 4gb of free space on my drive.

jreekers Thu, 06/21/2007 - 09:57

Hi.

To enable remote logging, first you have to add a remote agent. From the online help:

Remote Agents

Cisco Secure ACS uses remote agents for remote logging and for Windows authentication. You must configure remote agents before you can perform either remote logging or Windows authentication.

Adding a Remote Agent

If you are using NDGs, you must first access the NDG to which you want to add a remote agent. To do so, click the name of the NDG in the Network Device Groups table (in Network Configuration).

To add a remote agent, click Add Entry.

Editing a Remote Agent

If you are using NDGs, you must first access the NDG of which the remote agent is a member. To do so, click the name of the NDG in the Network Device Groups table.

To edit information for an existing remote agent, click the name of the server whose information you want to change.

Once done with that, you can go to system configuration, logging, and can set the directory location for each logging file type to point to a different directory location.

Not all of the log files can be changed unfortunately, but those that you can change

are listed there.

Hope this helps, and please rate any posts that are helpful.

Regards,

-Joe

mdcole Thu, 06/21/2007 - 12:11

Thanks again. I guess the location of this particular log is not able to be changed. I have the other logs being dumped to a secondary location (due to a similar problem a few years ago).

I guess I will have to just monitor this server and make sure the settings don't get changed again.

Actions

This Discussion

 

 

Trending Topics - Security & Network