Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

[ACS 5.4] Logs access from secondary server

Hi,

I have 2 ACS 5.4 in distributed environment. Everything left to defaults besides policy.

Let assume ACS-A is the primary and ACS-B is the secondary. Regularly, I'd connect to ACS-A to make changes and WATCH LOGs.

Now, let assume ACS-A is down. Obviously, I connect to ACS-B and everything works fine, besides logs. When I click on 'logs center', a blank window opens and nothing happens.

But the URL it tries to open, it's ACS-A.

Now, from what I saw, ACS-A being the primary box is the log collector for a distributed environment, by default. But how I supposed to watch the logs on a secondary server when primary is down?

Thank you.

7 REPLIES
New Member

Re: [ACS 5.4] Logs access from secondary server

Hi Alex.

Its working like a charm in Firefox 23.0.1.

IE and Chrome not working.


New Member

Re: [ACS 5.4] Logs access from secondary server

Thank you for replying.

That's interesting.

In my case I shut down ACS-A. And, from ACS-B GUI, I saw after clicking on logs – it goes to ACS-A (you see this clearly in browser address bar)!

Now, since ACS-A is shut down you cannot possibly get it in browser A and not in browser B. Maybe Cisco guys can clarify this.

Cisco Employee

Re: [ACS 5.4] Logs access from secondary server

Alex, that's what I am thinking that why we're talking about browser's here

Let me attempt to answer your question; in order to restore logging, as soon as primary is down, login to secondary device, de-register it from primary (THIS STEP WOULD RESTART THE SERVICES) and change the logging server to point to itself. Once a device becomes standalone, it'll be the log collector for itself unless you specify a syslog server.

All new authentications will start getting logged on to secondary ACS because currently it's a log collector. The old logs that were on dead master cannot be viewed from secondary.

After primary fails and before secondary is made standalone or new primary, you'll not be able to monitor logs. Since primary is configured as log server in your secondary servers, when you launch monitoring and reports page, it'll launch monitoring and reports from primary device and as primary is down, you'll not be able to view logs.

However, you can enable Log message recovery option in ACS so that the missing entries can be resent to log collector when it's up and running.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/viewer_sys_ops.html#wp1083029

Let me know if you have any query/concern.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

[ACS 5.4] Logs access from secondary server

Did that help you understanding and resolving your query? Let us know if you have any further questions.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

[ACS 5.4] Logs access from secondary server

Hi,

Thank You.

Yes, this answers my question on a technical level. From a user viewpoint, it's disappointing though. A well-established system should make logs available unrelated to any physical machine failure, in my opinion.

Silver

Re: [ACS 5.4] Logs access from secondary server

Hello Alex,

The following are the supported browsers and it should work fine in all fo them. Please have a look at them:-

Supported Web Client and Browsers

You can access the ACS 5.4 administrative user interface using the following web clients and browsers:

MAC Platform

Mozilla Firefox version 3.x

Mozilla Firefox version 10.x

Windows 7 32-bit

Windows 7 64-bit

Windows XP Professional (Service Pack 2 and 3)

Internet Explorer version 7.x

Internet Explorer version 8.x

Internet Explorer version 9.x

Mozilla Firefox version 3.x

Mozilla Firefox version 8.x

Mozilla Firefox version 9.x

Mozilla Firefox version 10.x

The above mentioned browsers are supported only with one of the following cipher suits:

-TLS_RSA_WITH_AES_256_CBC_SHA

-TLS_RSA_WITH_AES_128_CBC_SHA

-RSA_WITH_3DES_EDE_CBC_SHA

New Member

Re: [ACS 5.4] Logs access from secondary server

492
Views
20
Helpful
7
Replies
CreatePlease to create content