Multiple ACS send log to a remote agent.

Nashja
Level 1

Could you please show an example of how to configure more than one ACS to a remote agent? I tried to add ConfigProviderHost in CSAgent.ini as follows:

ConfigProviderHost=192.168.1.x  ,192.168.2.x

But it does not work. The remote agent didn't get any log.

Do I need to add the Remote agent in the Network menu, or must I modify CSAgent.ini, or .....

Please advise.

Thank you.

Nash


Jennifer Halim
Cisco Employee

You just have to configure multiple lines of ConfigProviderHost. Example as follows:

ConfigProviderHost=192.168.1.x
ConfigProviderHost=192.168.2.x
ConfigProviderHost=192.168.3.x

Hope that helps.

@halijenn: It still doesn't work. The remote agent didn't get any log.

Could you please advise other methods?

Thank you.

Nash

Hi Nash,

Did you reinitialize the CSAgent service after the changes?

Here is the procedure for your reference:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawcfg.html#wp361811

And I assume that you have enabled the logging on the ACS SE itself. If you haven't, here is how to do so:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914172

Hope it helps.

Hi Halijenn,

I have restarted the CSAgent service already but it still does not work.

If I configure an ACS to send logs to a remote agent by configuring one provider host (ConfigProviderHost=192.168.1.x), the remote agent can get logs normally.

If I configure multiple ACS to send logs to a remote agent by configuring multiple provider hosts (which is not explained in the Cisco document at this link:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawcfg.html )

, the remote agent can't get any log, even though I have already enabled all logging menus on the ACS SE.

Please advise.

Thank you.

Hi Paniphon,

Say you have 2 ACSSE: 192.168.1.5 and 192.168.2.5

You mentioned earlier that if you configure just 1 ConfigProviderHost, it works just fine.

1) Have you tried just configuring 1 ConfigProviderHost for both the above IP addresses, i.e. just try 1 IP for 192.168.1.5 and see if it works, and then just try 1 IP for 192.168.2.5 and see if it works?

2) I just want to rule out that the second ip address is reachable and sending the logs if it is configured by itself.

What is the version of both the ACS SE?

Hi Halijenn,

Both of the ACS appliances can access the log server. This log server is running many critical applications, so I cannot test on this server many times.

The versions of the two ACS SE are 4.1 and 4.2.

Thank you.

Nash

1) Can you please share the "CSAgent.ini" file after you have configured and tested multiple ACS SE?


2) Does the order of the ACS SE matter when you configure multiple ACS SE? First line works and second line doesn't? If you swap the ip address around, is it still the first line that works and second line doesn't?

Example:
If you have the CSAgent.ini with the following:
ConfigProviderHost=192.168.1.5
ConfigProviderHost=192.168.1.8

Only logging from 192.168.1.5 works?

and if you have the following configured:
ConfigProviderHost=192.168.1.8
ConfigProviderHost=192.168.1.5

Only logging from 192.168.1.8 works?

Hi Halijenn,

1) Please see details below:

[CSAgent]
; This is the main service's configuration section...

; This service's communication port
; Port=2004

; The configuration provider hostname/IP address:
; ConfigProviderHost=servername
;  or
; ConfigProviderHost=127.0.0.1      ( *** I have tried ConfigProviderHost=192.168.1.1 ,192.168.2.1  already, but it did not work. *** )
ConfigProviderHost=192.168.1.1

ConfigProviderHost=192.168.2.1

; The configuration provider's port:
ConfigProviderPort=2003

; You can restrict which clients can use the agent
; manager using the following syntax:
; PermittedClients=192.168.1.*,10.49.*.*,1.2.3.4

; List of agents to activate
; Agent=agent1,agent2,...
Agents=CSLogAgent

2) The information from the Cisco document at this link:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawo.html

shows the details below:

Configuration Provider

Although a remote agent can accept inbound communication from many appliances, it accepts configuration instructions from only a single appliance that you specify in the CSAgent.ini file. This special appliance is called a configuration provider.

I think the above information relates to the CSAgent.ini configuration. I think you can configure only one ConfigProviderHost, or you need to use another method to configure the ACS SE or Remote agent in order to get logs from multiple ACS SE.


Please advise.


Thank you.


Nash

What is the version of your remote agent? I would suggest upgrading it because as far as the configuration is concerned, it is correct, and I've seen it work with multiple ACS SE logging to a single remote agent.


The configuration advised should be sufficient for multiple ACS SE logging to 1 remote agent.

Remote agent can support up to 5 concurrent ACS SE. Quote from the same document:

"While a single ACS Remote Agent can provide services to many ACS SE appliances, support is limited to five concurrent connections by the appliances served. For example, if you have three primary ACS appliances, and three secondary ACS appliances that are used for failover purposes only, the remote agent can provide services to all six appliances and stay below the maximum of five concurrent connections."

Also check out the logging section from the same document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawo.html#wp220025

It provides examples from multiple ACS SE.

Hi Halijenn,

Could you please show examples of multiple ACS SE, because I cannot find them in the document?

Thank you.

Nash

Hello Nash,

I think you should level up the version of the ACS SE's to 4.2 (in your situation).

And then upgrade your Remote Agent software to 4.2 and everything will work.

The problem is that one agent version (4.x) cannot serve separate SE versions.

You can only use one Host provider with more Clients.

ConfigProviderHost=192.168.1.1

Regards,

-Aryan

It's working now !!!


@Ahajivandi : Thank you very much.

@Hajilen : Thank you for your help.
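
A lint check for the CSAgent.ini layout discussed in this thread, as an added example (not code from any poster or from Cisco): it reports more than one active `ConfigProviderHost` line and comma-separated host values, the two forms tried above, against the single configuration provider described in the quoted Cisco document. The function name, the case-insensitive key match and the sample file content are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the CSAgent.ini posted in the thread.
SAMPLE_INI = """\
[CSAgent]
; This service's communication port
; Port=2004
; ConfigProviderHost=127.0.0.1
ConfigProviderHost=192.168.1.1

ConfigProviderHost=192.168.2.1
ConfigProviderPort=2003
; PermittedClients=192.168.1.*,10.49.*.*,1.2.3.4
Agents=CSLogAgent
"""

def check_csagent_ini(text):
    """Return (hosts, findings) for the [CSAgent] section of a CSAgent.ini.

    Parsed by hand on purpose: configparser either rejects duplicate keys or
    silently keeps the last one, which hides the condition being checked.
    """
    section = None
    hosts = []      # (line_number, raw_value) per active ConfigProviderHost
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or ';' comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "csagent" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "configproviderhost":   # assumption: key case ignored
            hosts.append((lineno, value))
            if "," in value:
                findings.append(f"line {lineno}: comma-separated value {value!r}")
    if not hosts:
        findings.append("no active ConfigProviderHost line")
    elif len(hosts) > 1:
        where = ", ".join(str(n) for n, _ in hosts)
        findings.append(f"{len(hosts)} active ConfigProviderHost lines (lines {where})")
    return hosts, findings

if __name__ == "__main__":
    for finding in check_csagent_ini(SAMPLE_INI)[1]:
        print("WARN:", finding)
```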
