Multiple ACS sending logs to a remote agent.

Answered Question
Mar 21st, 2010

Could you please show an example of how to configure more than one ACS to a remote agent? I tried to add ConfigProviderHost in CSAgent.ini as follows:

ConfigProviderHost=192.168.1.x  ,192.168.2.x

But it doesn't work. The remote agent didn't get any logs.

Do I need to add the Remote Agent in the Network menu, or must I modify CSAgent.ini, or .....?

Please advise.

Thank you.

Nash

Jennifer Halim Sun, 03/21/2010 - 22:05

You just have to configure multiple lines of ConfigProviderHost. Example as follows:

ConfigProviderHost=192.168.1.x
ConfigProviderHost=192.168.2.x
ConfigProviderHost=192.168.3.x

Hope that helps.

Paniphon Tanomp... Mon, 03/22/2010 - 04:15

@halijenn: It still doesn't work. The remote agent didn't get any logs.

Could you please advise other methods?

Thank you.

Nash

Jennifer Halim Mon, 03/22/2010 - 04:24

Hi Nash,

Did you reinitialize the CSAgent service after the changes?

Here is the procedure for your reference:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawcfg.html#wp361811

And I assume that you have enabled the logging on the ACS SE itself. If you haven't, here is how to do so:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914172

Hope it helps.

Paniphon Tanomp... Mon, 03/22/2010 - 05:40

Hi Halijenn,

I have restarted the CSAgent service already, but it still doesn't work.

If I configure one ACS to send logs to a remote agent by configuring one provider host (ConfigProviderHost=192.168.1.x), the remote agent gets the logs normally.

If I configure multiple ACS to send logs to a remote agent by configuring multiple provider hosts (which is not explained in the Cisco document at this link:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawcfg.html )

, the remote agent can't get any logs, even though I have already enabled all logging menus on the ACS SE.

Please advise.

Thank you.

Jennifer Halim Mon, 03/22/2010 - 13:58

Hi Paniphon,

Say you have 2 ACSSE: 192.168.1.5 and 192.168.2.5

You mentioned earlier that if you configure just 1 ConfigProviderHost, it works just fine.

1) Have you tried configuring just 1 ConfigProviderHost for each of the above IP addresses, i.e. just try 1 IP for 192.168.1.5 and see if it works, and then just try 1 IP for 192.168.2.5 and see if it works?

2) I just want to rule out that the second ip address is reachable and sending the logs if it is configured by itself.

What is the version of both the ACS SE?

Paniphon Tanomp... Mon, 03/22/2010 - 21:21

Hi Halijenn,

Both ACS appliances can access the log server. This log server is running many critical applications, so I cannot test on this server many times.

The versions of the two ACS SE are 4.1 and 4.2.

Thank you.

Nash

Jennifer Halim Tue, 03/23/2010 - 00:07

1) Can you please share the "CSAgent.ini" file after you have configured and tested multiple ACS SE.


2) Does the order of the ACS SE matter when you configure multiple ACS SE? First line works and second line doesn't? If you swap the ip address around, is it still the first line that works and second line doesn't?

Example:
If you have the CSAgent.ini with the following:
ConfigProviderHost=192.168.1.5
ConfigProviderHost=192.168.1.8

Only logging from 192.168.1.5 works?

and if you have the following configured:
ConfigProviderHost=192.168.1.8
ConfigProviderHost=192.168.1.5

Only logging from 192.168.1.8 works?

Paniphon Tanomp... Tue, 03/23/2010 - 20:18

Hi Halijenn,

1) Please see details below:

[CSAgent]
; This is the main service's configuration section...

; This service's communication port
; Port=2004

; The configuration provider hostname/IP address:
; ConfigProviderHost=servername
;  or
; ConfigProviderHost=127.0.0.1      ( *** I have already tried ConfigProviderHost=192.168.1.1 ,192.168.2.1, but it did not work. *** )
ConfigProviderHost=192.168.1.1

ConfigProviderHost=192.168.2.1

; The configuration provider's port:
ConfigProviderPort=2003

; You can restrict which clients can use the agent
; manager using the following syntax:
; PermittedClients=192.168.1.*,10.49.*.*,1.2.3.4

; List of agents to activate
; Agent=agent1,agent2,...
Agents=CSLogAgent

2) The information from Cisco document as link:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawo.html

which shows the following information:

Configuration Provider

Although a remote agent can accept inbound communication from many appliances, it accepts configuration instructions from only a single appliance that you specify in the CSAgent.ini file. This special appliance is called a configuration provider.

I think the above information relates to the CSAgent.ini configuration. I think you can configure only one ConfigProviderHost, or you need to use another method to configure the ACS SE or Remote Agent in order to get logs from multiple ACS SE.


Please advise.


Thank you.


Nash

Jennifer Halim Wed, 03/24/2010 - 04:32

What is the version of your remote agent? I would suggest upgrading it because, as far as the configuration is concerned, it is correct, and I've seen it work with multiple ACS SE logging to a single remote agent.


The configuration advised should be sufficient for multiple ACS SE logging to 1 remote agent.

Remote agent can support up to 5 concurrent ACS SE. Quote from the same document:

"While a single ACS Remote Agent can provide services to many ACS SE appliances, support is limited to five concurrent connections by the appliances served. For example, if you have three primary ACS appliances, and three secondary ACS appliances that are used for failover purposes only, the remote agent can provide services to all six appliances and stay below the maximum of five concurrent connections."

Also check out the logging section from the same document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawo.html#wp220025

It provides examples from multiple ACS SE.

Paniphon Tanomp... Wed, 03/24/2010 - 05:18

Hi Halijenn,

Could you please show examples of multiple ACS SE? I cannot find them in the document.

Thank you.

Nash

Correct Answer
ahajivandi Tue, 03/30/2010 - 06:03

Hello Nash,

I think you should level up the version of the ACS SEs to 4.2 (in your situation).

And then upgrade your Remote Agent software to 4.2 and everything will work.

The problem is that one agent version (4.x) cannot serve separate SE versions.

You can only use one Host provider with more Clients.

ConfigProviderHost=192.168.1.1

Regards,

-Aryan
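
An added example, not part of the thread and not Cisco code: a small check that reads a CSAgent.ini and reports how many uncommented ConfigProviderHost lines it has, measured against the Cisco text quoted above that a remote agent takes configuration from a single appliance. The function names are hypothetical, the sample file is constructed from the one posted in the thread, and treating `;` as the comment marker is taken from that file.

```python
import re

# Constructed sample, modelled on the CSAgent.ini posted in this thread.
SAMPLE_INI = """\
[CSAgent]
; ConfigProviderHost=servername
ConfigProviderHost=192.168.1.1

ConfigProviderHost=192.168.2.1
ConfigProviderPort=2003
; PermittedClients=192.168.1.*,10.49.*.*,1.2.3.4
Agents=CSLogAgent
"""

KEY_RE = re.compile(r"^\s*ConfigProviderHost\s*=\s*(.*?)\s*$")


def active_provider_hosts(ini_text):
    """Return (line_number, value) for every uncommented ConfigProviderHost line."""
    found = []
    for number, line in enumerate(ini_text.splitlines(), start=1):
        if line.lstrip().startswith(";"):
            continue  # ';' starts a comment in the posted file
        match = KEY_RE.match(line)
        if match:
            found.append((number, match.group(1)))
    return found


def lint_provider_hosts(ini_text):
    """Return findings; an empty list means exactly one plain host is set."""
    hosts = active_provider_hosts(ini_text)
    findings = []
    if not hosts:
        findings.append("no active ConfigProviderHost line")
    if len(hosts) > 1:
        lines = ", ".join(str(n) for n, _ in hosts)
        findings.append(f"{len(hosts)} active ConfigProviderHost lines (lines {lines}); "
                        "the quoted Cisco text names a single configuration provider")
    for number, value in hosts:
        if not value:
            findings.append(f"line {number}: empty value")
        elif "," in value or " " in value:
            findings.append(f"line {number}: value {value!r} lists more than one host")
    return findings


if __name__ == "__main__":
    for finding in lint_provider_hosts(SAMPLE_INI):
        print(finding)
```
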
