CSA Logs

Unanswered Question
Oct 13th, 2010

I keep seeing this in my logs, can anyone tell me what I can do to stop them?


At Tue Oct 12 10:01:14 CDT 2010 on node, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Oct 12 10:01:02 CCMPUB local4 2 : 30426: CCMPUB: Oct 12 2010 10:01:02.954 -0500: %CSA-2-EVENT_ASVC_CONF_DENY: %[PID=4581][component=CiscoSecurityAgent] : The process '/bin/chown' (as user root(0) group root(0)) attempted to modify a Cisco Security Agent resource file /common/log/taos-log-b/syslog/csalog which is located in a Cisco directory. The operation was denied. [rule 287]

AppID : Cisco Syslog Agent

ClusterID :


TimeStamp : Tue Oct 12 10:01:03 CDT 2010

mmendezv Thu, 10/21/2010 - 02:46
User Badges:
  • Cisco Employee,

What is the CallManager version?

mmendezv Thu, 10/21/2010 - 14:16
User Badges:
  • Cisco Employee,
Seems you are running into a known defect: 

SyslogSeverityMatchFound Alarm Fires for CSA Owner change

Alarm is being triggered saying that there is a security issue when there is not.

Disable CSA from the CLI with "utils csa disable" to avoid the blocking.

You can review this information using the Bug Toolkit (http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl) and the defect ID: CSCti45564
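
A triage sketch for the alarm discussed in this thread, added here and not part of any post or of Cisco's tooling: it parses CSA deny events and separates those that look like the event in the question ('/bin/chown' touching csalog) from any other CSA denial, which still deserves a look. The matching pattern is an assumption taken from the posted log line, and the second and third sample lines are constructed.

```python
import re
from posixpath import basename

# Message body of a CSA "resource file modify denied" event, as posted in the question.
CSA_DENY = re.compile(
    r"%CSA-(?P<sev>\d)-(?P<event>[A-Z_]+): .*?The process '(?P<process>[^']+)' "
    r"\(as user (?P<user>\S+?)\((?P<uid>\d+)\) group (?P<group>\S+?)\((?P<gid>\d+)\)\) "
    r"attempted to modify a Cisco Security Agent resource file (?P<resource>\S+) "
    r".*?\[rule (?P<rule>\d+)\]"
)

def parse_csa_deny(line):
    """Return the fields of a CSA deny event as a dict, or None for any other line."""
    m = CSA_DENY.search(line)
    return m.groupdict() if m else None

def matches_reported_event(ev):
    # Assumption: pattern copied from the question's log line, not from the defect record.
    return (ev["event"] == "EVENT_ASVC_CONF_DENY"
            and ev["process"] == "/bin/chown"
            and basename(ev["resource"]) == "csalog")

def triage(lines):
    """Split CSA deny events into (same shape as the reported event, needs review)."""
    known, review = [], []
    for line in lines:
        ev = parse_csa_deny(line)
        if ev is None:
            continue  # not a CSA deny event
        (known if matches_reported_event(ev) else review).append(ev)
    return known, review

HEAD = ("Oct 12 10:01:02 CCMPUB local4 2 : 30426: CCMPUB: Oct 12 2010 10:01:02.954 -0500: "
        "%CSA-2-EVENT_ASVC_CONF_DENY: %[PID=4581][component=CiscoSecurityAgent] : ")
TAIL = (" attempted to modify a Cisco Security Agent resource file "
        "/common/log/taos-log-b/syslog/csalog which is located in a Cisco directory. "
        "The operation was denied. [rule 287]")
SAMPLE = [
    # The event from the question.
    HEAD + "The process '/bin/chown' (as user root(0) group root(0))" + TAIL,
    # Constructed: same resource, different process and user.
    HEAD + "The process '/bin/rm' (as user admin(500) group admin(500))" + TAIL,
    # Constructed: unrelated syslog line, ignored by the parser.
    "Oct 12 10:06:00 CCMPUB local7 6 : unrelated message",
]

if __name__ == "__main__":
    known, review = triage(SAMPLE)
    print("matches reported event:", [(e["process"], e["rule"]) for e in known])
    print("needs review:", [(e["process"], e["user"], e["resource"]) for e in review])
```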


scheived Mon, 10/25/2010 - 08:17
Looks like the versions this bug is fixed in aren't available for download yet, can't wait though. I'll update when they are.

