Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.4 backup status in syslog

Have raised a TAC for this but thought I'd post here too.

We are running ACS v5.4 Patch 1.

We have noticed that ACS will not produce syslog messages about scheduled backups (success or failure)

(1)    From the GUI, under “System Administration >  Configuration >  Log Configuration >  Remote Log Targets”, we have configured a remote syslog host. 

(2)    Then, each logging category under “System Administration > Configuration >  Log Configuration >  Logging Categories >  Global”, we have configured everything to log to the remote target.

(3)    However, no messages regarding successful or failed backups ever arrive via syslog.

Backup status can be checked by running “show backup history” from the CLI. 

However, syslog communication between ACSView and ACS show backup status OK.

You can find backup information in ACS View under:

Monitoring & Reports >  Reports >  Catalog >  ACS Instance > ACS Operations Audit

We have one quite simple requirement – that ACS produces syslog messages stating backup success and failure.  This will drive our alarm system.

Has anyone else got this to work?

Pretty simple request - backup success/failure in syslog messages!

Forcing the output of ade.log to syslog would also do it.  Would rather not hack around under the covers with root patch though.

Cheers!

Everyone's tags (2)
2 REPLIES
Cisco Employee

Re: ACS 5.4 backup status in syslog

Hi Rob,

I was going through your requirement and that seems to be an important notification. If we look at the ACS 5.4 guide > under logging categories. It does talk about ACS operational changes—Logs all operations  requested by administrators, including promoting an ACS from your  deployment as the primary, requesting a full replication, performing  software downloads, doing a backup or restore, generating and restoring  PACs, and so on.

Administrative and operational audit log messages are always sent to the  local store, and you can also send them to remote syslog server and  Monitoring and Reports server targets.

Log messages are sent to the local store with this syslog message format:

time stamp sequence_num msg_code msg_sev msg_class msg_text attr=value

Log target and logging categories.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/logging.html#wp1052656

Since you've configured ACS logging categories to log everything. It should work fine. Can you see the same message success or failure under local store logs of ACS. If we can see it there it means ACS is sending it, after that we can check in the log forwarder file and run the packet capture on the syslog server.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**

This problem continues in ACS

This problem continues in ACS 5.6. I follow the recommendations but the message is never sent to remote Syslog server.

 

I resolve this by CLI. I changed the "logging local" with "logging 10.200.75.20" where 10.200.75.20 is the IP address of my remote Syslog Server.

 

Now I can see the MSGCATnnn, logger and ADE-Service syslog messages.

771
Views
0
Helpful
2
Replies
CreatePlease login to create content