New Member

LMS : RME Troubleshooting

We are seeing an issue where RME is trying to access several, but not all, firewalls in our environment. It seems RME is trying to get the configuration, but for some reason it keeps logging in over and over and issuing the below commands. This info comes from an RME syslog report. The problem it is causing is VERY annoying. We also have MARS in our environment for alerting on firewall changes. The "configure terminal" syslog message, which is also sent to MARS, sets this off. It is creating a vicious circle, which generates MARS alerts every 5 to 10 minutes. I do have an active TAC case on this issue, but it is going nowhere. I have to figure out what is causing this and make it stop!

User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''disable'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''terminal width 0'' command.
User ''x'' executed the ''terminal no monitor'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''terminal width 0'' command.
User ''x'' executed the ''terminal no monitor'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''disable'' command.

5 REPLIES
Cisco Employee

Re: LMS : RME Troubleshooting

This could be related to the old bug CSCsi07492.  Every time RME sees a certain syslog message from the PIX, it tries to archive the config.  However, when RME logs into the PIX, and disables the pager, it triggers the same syslog.  This can lead to a loop.  Go to RME > Tools > Syslog > Automated Actions, and edit the Config Fetch action.  Remove the following syslog pattern, and see if that helps:

PIX-*-5-111005:*

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com
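A triage sketch for the loop described in the reply above, added here as an example and not code from RME, MARS or any poster: it splits a command report in the format quoted in the question into "configure terminal" sessions and labels the ones that contain only pager/terminal session setup, so a repeating fetch can be told apart from a real change. The sample input, the user `admin1` and the access-list line are constructed, and a single interleaved command stream is assumed.

```python
import re

# Session-setup commands seen in the report quoted in the question.
HOUSEKEEPING = {"terminal pager lines 0", "terminal width 0",
                "terminal no monitor", "pager lines 0", "no pager", "disable"}
LINE_RE = re.compile(r"User ''([^']*)'' executed the ''(.*?)'' command\.")

def classify_config_sessions(report):
    """Label each 'configure terminal' session 'housekeeping' or 'change'.

    A session runs from 'configure terminal' to the next 'configure terminal',
    a 'disable', or end of input. It is a 'change' only if it contains a
    command outside HOUSEKEEPING.
    """
    sessions, current = [], None
    for line in report.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a command-audit line
        user, cmd = m.group(1), m.group(2).strip()
        if cmd == "configure terminal":
            if current is not None:
                sessions.append(current)
            current = {"user": user, "commands": [], "label": "housekeeping"}
            continue
        if current is None:
            continue  # command issued outside configuration mode
        current["commands"].append(cmd)
        if cmd not in HOUSEKEEPING:
            current["label"] = "change"
        if cmd == "disable":
            sessions.append(current)
            current = None
    if current is not None:
        sessions.append(current)
    return sessions

# Constructed sample in the report's format; admin1 and the access-list line are invented.
SAMPLE = """\
User ''x'' executed the ''terminal pager lines 0'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''pager lines 0'' command.
User ''x'' executed the ''disable'' command.
User ''x'' executed the ''configure terminal'' command.
User ''x'' executed the ''no pager'' command.
User ''admin1'' executed the ''configure terminal'' command.
User ''admin1'' executed the ''access-list outside_in extended permit tcp any host 192.0.2.10 eq 443'' command.
"""

if __name__ == "__main__":
    for s in classify_config_sessions(SAMPLE):
        print(s["label"], s["user"], s["commands"])
```

A report in which every session comes back as `housekeeping` for the archive account matches the fetch loop described above rather than an operator change.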

New Member

Re: LMS : RME Troubleshooting

Hello Joe! As always, your assistance is greatly appreciated!

I have a question regarding this solution. We use CW to archive each PIX/ASA config change made, which is mandated by internal audit. Will removing that syslog pattern stop that from happening?

Thank you,

Drew

Cisco Employee

Re: LMS : RME Troubleshooting

Yes.  You will still get archives if you're doing periodic polling or collection, but you will not get an archive each time a config change is made.


New Member

Re: LMS : RME Troubleshooting

RME should try hard to archive the running config without altering it!

This should be possible for all releases that support "terminal pager lines 0" and would avoid the config fetching loop.

Cisco Employee

Re: LMS : RME Troubleshooting

This point was actually raised in CSCsi07492, but at the time, it was deemed easier considering the ubiquity of PIXOS 6.x code to simply remove the syslog messages.  It's probably time to re-evaluate that.

