Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
804
Views
0
Helpful
5
Replies

LMS : RME Troubleshooting

drew.salmon
Level 1
Level 1

‎03-26-2010 06:54 AM

We are seeing an issue where RME is trying to access several, but not all, firewalls in our environment. It seems RME is trying to get the configuration, but for some reason it keeps logging in over and over and issuing the below commands. This info comes from a RME syslog report. The problem it is causing is VERY annoying. We also have MARS in our environment for alerting on firewall changes. The "configure terminal" syslog message, which is also sent to MARS, sets this off. It is creating a vicious circle, which generates MARS alerts every 5 to 10 minutes. I do have an active TAC case on this issue, but it is going nowhere. I have to figure out what is causing this and make it stop!

User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''disable'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''terminal width 0'' command.
User ''x'' executed the ''terminal no monitor'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''terminal width 0'' command.
User ''x'' executed the ''terminal no monitor'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''disable'' command.

Labels:
0 Helpful
5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

‎03-26-2010 11:10 AM

This could be related to the old bug CSCsi07492.  Every time RME sees a certain syslog message from the PIX, it tries to archive the config.  However, when RME logs into the PIX, and disables the pager, it triggers the same syslog.  This can lead to a loop.  Go to RME > Tools > Syslog > Automated Actions, and edit the Config Fetch action.  Remove the following syslog pattern, and see if that helps:

PIX-*-5-111005:*

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

0 Helpful

drew.salmon
Level 1
Level 1
In response to Joe Clarke

‎03-26-2010 11:32 AM

Hello Joe! As always, your assistance is greatly appreciated!

I have a question regarding this solution. We use CW to archive each PIX/ASA config change made, which is mandated by internal audit. Will removing that syslog pattern stop that from happening?

Thank you,

Drew

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to drew.salmon

‎03-26-2010 10:54 PM

Yes.  You will still get archives if you're doing periodic polling or collection, but you will not get an archive each time a config change is made.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

0 Helpful

netmaster-uni-bi
Level 1
Level 1
In response to Joe Clarke

‎04-01-2010 04:40 AM

RME should try hard to archive the running config without altering it!

This should be possible for all releases that support "terminal pager lines 0" and would avoid the config fetching loop.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to netmaster-uni-bi

‎04-01-2010 09:15 PM

This point was actually raised in CSCsi07492, but at the time, it was deemed easier considering the ubiquity of PIXOS 6.x code to simply remove the syslog messages.  It's probably time to re-evaluate that.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents