Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSA Logs

I keep seeing this in my logs, can anyone tell me what I can do to stop them?

At Tue Oct 12 10:01:14 CDT 2010 on node 10.220.1.12, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Oct 12 10:01:02 CCMPUB local4 2 : 30426: CCMPUB: Oct 12 2010 10:01:02.954 -0500: %CSA-2-EVENT_ASVC_CONF_DENY: %[PID=4581][component=CiscoSecurityAgent] : The process '/bin/chown' (as user root(0) group root(0)) attempted to modify a Cisco Security Agent resource file /common/log/taos-log-b/syslog/csalog which is located in a Cisco directory. The operation was denied. [rule 287] AppID : Cisco Syslog Agent ClusterID : 

NodeID : CCMPUB

TimeStamp : Tue Oct 12 10:01:03 CDT 2010

4 REPLIES
Cisco Employee

Re: CSA Logs

What is the CallManager version?

Community Member

Re: CSA Logs

cm version 8.0.3.20000-2

Cisco Employee

Re: CSA Logs

Seems you are running into a known defect: 

CSCti45564
SyslogSeverityMatchFound Alarm Fires for CSA Owner change

Symptom:
Alarm is being triggered saying that there is a security issue when there is not.

Workaround:
Disable CSA from cli "utils csa disable" to avoid the blocking.

You can review this information using the Bug Toolkit

(http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl) and the defect ID: CSCti45564

 

Community Member

Re: CSA Logs

Looks like the versions this bug is fixed in aren't available for download yet,

can't wait though. I'll update when they are.

2047
Views
5
Helpful
4
Replies
CreatePlease to create content