Cisco Secure ACS not logging correctly

Unanswered Question
Jun 12th, 2009

I asked an ACS question in this thread the other day and it got answered so not sure if this is the right thread or not but I couldn't see any ACS questions under the Security or AAA threads.

I'm running 2 ACS 4.2(patch 11) servers and the logging seems to have stopped working. Whilst some events are logged sporadically (some devices in particular consistently work - CatOS switches seem to still log TACACS accounting), the majority of messages I would expect to see in most of the logs are not present.

I have tried changing the frequency of the logging from monthly to weekly to daily and each time I change the frequency its as if some messages that were "held up" suddenly appear in the penultimate log file where they should have been present the whole time.

I can confirm that the ACS server is handling the AAA correctly just that it seems to not log it.

I was thinking about raising a TAC but thought I'd try here first.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Paul Wedde Fri, 05/21/2010 - 01:16

Figured I should answer my own thread incase anyone else happens to be browsing by.

This was down to a known issue with remote logging. When the system was set up to log remotely to it's other ACS's all the log messages get "tied up" somehow. The work around for this version was to disable remote logging (System Configuration\ Logging\ Remote Logging Servers Configuration)

Richard Burts Sun, 05/23/2010 - 20:20

Paul

I was browsing by and I want to express our collective thanks to those who raise a question and then come back to post an answer when they have solved the issue. It helps make the forum more useful when people can read about an issue and can read what resolved the issue. And it is even better when the original poster is able to post the solution.

So thanks to you.

HTH

Rick

Actions

This Discussion