Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1044
Views
0
Helpful
1
Replies

Upgraded to ACS 5.5 no more logs

Scott Fella
Hall of Fame
Hall of Fame

‎02-25-2014 04:34 AM - edited ‎03-10-2019 09:27 PM

I upgraded from ACS 5.4 to ACS 5.5 about a month ago and just using ACS for TACACS only. After the upgrade on the primary and secondary, I stopped seeing anything in the logs as far as passed and failed TACACS attempts. The weird thing is that the previous logs were still showing up and not any new ones. I can reset the counters on the policy and I do see the hit counters incrementing and I can access equipment with no issues. Is there something that I need to enable when I upgraded to ACS 5.5 from 5.4 that got disabled from the upgrade? I do have the primary node as the collector.

Scott

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Labels:
0 Helpful
1 Reply 1

Muhammad Munir
Level 5
Level 5

‎03-04-2014 05:05 AM

Hi Scott,

FYI,

The syslog messages have a sequence number attached. If the Monitoring and Report Viewer goes down or if it is not able to receive messages from ACS, then the Monitoring and Report Viewer retries those missed logs from ACS, using the logging recovery mechanism.

The Monitoring and Report Viewer processes the syslog messages, and identifies any discrepancies in the sequence. In this way, it finds the messages that have been missed.

The Monitoring and Report Viewer then notifies the ACS server to resend the missing log messages. ACS server processes the messages stored in its local store and resends them to the Monitoring and Report Viewer.

For the Recovering Log Messages feature to work as desired, you must enable the Log to Local Target option for the relevant logging categories in ACS under System Administration > Configuration > Log Configuration > Logging Categories > Global.

To enable Recovering Log Messages, from the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Log Message Recovery.

For more detail, please go through the following link:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/viewer_sys_ops.html#wp1052728

0 Helpful
Customers Also Viewed These Support Documents