Cisco AAA/Identity/Nac :: ACS 5.2 - Monitoring And Reports?
Apr 3, 2012
We're currently running on ACS 5.2.0.26.9 with 2 appliances (one primary and one secondary).Today, I wanted to get some reports from the Monitoring and Reports tool. At beginning, it seemed impossible to generate them. Later, I decided to reload first primary and then secondary. As soon as I've done it, I got an email alert telling me that it failed parsing NAD.
Cisco Secure ACS - Alarm Notification
Severity: Critical
Alarm Name
System Alarm [Collector]
Cause/Trigger
[code]....
I don't really find where I can find the Collector log...Anyway now when I generate a 30 days report, I only get data up to 23.03.2012. Nothing recent !
Just installed ACS 5.0.0.21. Monitoring and reports database was working, but now is not. When trying to open, I get "Monitoring and reports database currently unavailable. Trying reconnect in 5 minutes." From CLI "sho application status acs" gives me the following:
I have a Cisco ACS 5.1 virtual appliance which has been working fine, I have however just discovered that it is now unable to provide me with any logs. TACACS authentication is still working without any issues, the only problem I have is viewing the logs.
I have modified my radius accounting reports using "interactive viewer" and saved successfully but the exported report doesn't reflect these changes. I'm just wondering what's the point of being able to modify the reports if you can't export your changes or there is something I'm missing?
Is there a way I can get the ACS (5.3) to email some of it's reports on a schedule?I'm hoping to send automated summaries of failed logins to the service desk each Monday morning.
we have a 4510r-e running 12.2(50)SG1 w/ various rj45 line cards and a 24 port glc card.at any given time, i see 10's of ports in 10/full.i go to the station, and find the station in 100/full or 1000/full.
i go to the switch w/ my fluke, connect it directly to the switch w/o any intermediate infrastructure except a 50cm cat6 patch cable.the fluke reports 1000/full, but THE SWITCH PORT REPORTS STILL 10/FULL.all ports are config'd 'speed auto' and 'duplex auto'.
the switch seems to be erroneously reporting 10/full.there are no errors logged on any of the ports and there is successful communications even when the station and switch port report different speeds.even though there are no errors logged nor reported by 'show int [port]' nor 'sho int count error' certain killer applications crash on some stations. (the applications are GHOST (which dumps disk images from a server to multiple stations) and NETOP (which i sused in a classroom to transmit an instructors screen to a room full of stations) both of which broadcast and/or multicast.all nodes involved in the above 2 applics are on the same vlan and same phyiscal subnet.
the ports which report 10/full vary and occur even when the above applics are not in use.the only way i found to clear this 10/full report is by either a hardware reset of the entire module or by unplugging the cable, the execute on the port shutdown, speed auto, no shutdown, reconnect cable.then it's just a matter of time until it pops back to 10/full in a few minutes,hours or days.
how to address the killer applic problems besides restructuring the whole net by defining separate vlan for each lab of 20 or so stations?
I could not find any report in ACS 5.3 which gives details on user creation and deletion in ACS. This feature was there in ACS 4.x but it seems not provided in 5.3 version.
We have a Cisco ACS 5.2 deployment (appliance). It has an existing integration with Active Directory. We utilize this with RADIUS to authenticate our wireless users and TACACS for managing our network equipment.The RADIUS reports are useful for other teams (outside my own) to be able to troubleshoot password and account lockouts (everyone forgets to change the password on their phone).I would like to allow this team and other access to view the RADIUS authentications report.
When a tacacs user is changing the local password on the router (for local user), the acs 5.3 is showing the new password in clear text in authorization reports/logs.
This behaviour is seen on acs 5.x, whereas acs 4.2 is showing encrypted password in the reports.
I have checked debugs on Router and it is sending password in clear text in Tacacs Authorization packet but encrypted password in Tacacs Accounting logs.
Debug tacacs accounting debug aaa accounting 4w3d: TPLUS: Received accounting response with status PASS
I have 5 installations of ACS appliances (ACS 1121 running ACS 5.3). Is there a way to monitor them via SNMP? The AD client keeps dying on one of them, and even with the newest patch it's not up. Also, i want to monitor them up/down, CPU, memory... basic network monitoring to make sure my devices are healthy.
Any one know if that can be configured? I figured i'd ask here before opening a TAC.
I have not managed to get the Monitoring to work on the ACS 5.1. This is an eval version. Advanced monitoring and reporting is installed on the ACS. This is my configuration on the Cisco Router
aaa accounting exec default start-stop group tacacs+aaa accounting commands 0 default start-stop group tacacs+aaa accounting commands 1 default start-stop group tacacs+aaa accounting commands 15 default start-stop group tacacs+aaa accounting connection default start-stop group tacacs+ logging origin-id iplogging facility sysloglogging source-interface GigabitEthernet1/1logging host 1.1.1.1 transport udp port 20514 logging monitor informational epm logging
On the ACS, when I open the dashboard --> ACS health -> I get Status not available.Global Instance under Logging Categories been configured for local logging?
i just installed ACS 5.1.0.44 with the latest Patch on a VMWare virtual machine and installed the evaluation license.Everything works fine except for the "Monitoring & Report Viewer"-Tab:When i try to launch the Viewer, it opens a new browser-window/tab, which then again opens another (the same) window/tab, and so on and on. So there would be an infinite number of windows/tabs, if i wouldn't close them all real quickly. Same problem with any client and any browser.I already deinstalled ACS 5.1 and tried ACS 5.2 on the same machine -> same problem.
I am configuring new ACS 1121 appliance with version 5.3 and wanted to know how to configure Remote Database settings in ACS5.3 Is that necessary to configure that option ?
Also one more thing I can see that ACS 5.3 generates lots of logs is there any solution to reduce such logs. It seems many unuseful logs which are system related are getting logged into device which might no be good for memory requirements of device.
We are running WCS 7.0.1 and ACS 4.2 using TACACS for our techs to login to WCS (to manage access points). However, when the tech trys to run reports, they get an error:
Permissions Denied
The user is setup in Active Directory and not in WCS. I saw something about adding the user to a group in WCS but again the user is setup in AD. Is there something we need to do in ACS? Not sure what do do.
Have a problem with LMS 4.0.1 and DFM. In DFM no of the devices leaves the questioned state. Trying to rediscover them starts a process that ends after 20% completion every time. I've put on some debuging, but that does not enable more error messages.Only thing i find is in the log file [code] As I've encoded this to be the SNMP engine ID, which on the device is. [code]
We have CPU reports set to run daily for some of our higher priority switches, and we've noticed that some of the data isn't meshing with what we see on the switch. We have one heavily utilized switch that reports near 100% CPU utilization sometimes. I can do a "show proc cpu history" on that switch and see that at least once an hour over 72 hours, we'll see a near 100% CPU utilization.
The problem is that these spikes never appeare on any of our reports. We'd like to see this info because even if the switch spikes for just a few seconds or a minute, it could still indicate that we may have issues. Without that in the report, we may never realize there could be a problem.
Is there a way for this info to show in the report? I'm under the impression that if LMS polls the switch and doesn't see a high utilization average, then maybe it doesnt' enter that in the report. I guess I'd just like to know how often it pulls this data, and how it decides wath the Min, Max, and Averages are.
We had an existing installation of LMS 4.1 which seemed to have worked fine with the exception that it was giving problems with logging Syslog events. We tried everything to resolve it and then we found a link on this very site that explained that there was a bug in displaying Syslog events on LMS 4.1. It is important to state that we would get a few Syslog events but the rest were either filtered or discarded.As per the bug toolkit, we realized that we had to upgrade to LMS 4.2 to have the bug resolved. This was not a problem and we installed LMS 4.2 as a direct upgrade to LMS 4.1. We backed up our existing data and the installation process migrated everythin automatically.Now, LMS 4.2 is installed and our objective of having Syslog messages are being received regularly as we wanted.unfortunately, when we try to generate a report such as "Detailed Device" report and try to select All Devices from the Device Selector menu, we do not see any of our devices. However, we do find our devices listed under User-Defined Groups -> (Our DCR). Based on this, we can generate reports and everything is fine.Yet, we are doing this for a client of ours and they expect to see these devices listed in the "All Devices" section of the device selector. Apart from that, everything seems to be working fine.
We have noticed that some devices has dissapeared from HUM pollers and some quick reports have dissapeared too. It happened again some months ago. I would like to know:
1. How I can fix it.
2. Which logs I can see to troubleshoot the problem.
3. If is possible I can restore only the hum module from LMS backup
sending emails from simply accounting- I don't have outlook installed on my computer- is there another way to send invoices,reports or emails from Simply Accounting to my customers if I or they don't have outlook installed
I'm connected to my router via an Ethernet cable, and on the connection icon I have the yellow triangle and a message indicating I have no internet access...but I do. My internet is fully connected and I have no problems remote connecting to my computer from work, downloading and seeding torrents or browsing websites. Problems is, it seems that Windows THINKING it's not connected is affecting other programs which need to connect to the internet.
My customer is looking at using routers in DMVPN remote locations as DNS servers. He would like to be able to estimate how much memory the DNS cache will consume before going into production. I know you can get cache information when it's running, but he wants to plan ahead.I couldn't find any reports in Cisco or on the web of DNS caching causing memory issues, so I don't think he has much to worry about, but any rule of thumb as to how much memory each cache entry consumes would be useful. Or is there a protection mechanism to limit cache memory size in IOS ? The routers will be 877s and/or 1900-series.
Running WLSE 1.3 and it shows No Data Available. Checked the task history for Inventory collection and it is not collecting. All the processes are running. Unable to gather data. SNMP community strings are configured and devices are accessible (AP350's).
I've just set-up one of the RV220W VPN solutions. This worked fine for a while, but now it reports the remote gateway is not responding. Other clients can connect, but not the computer I'm using at home. Log file reports:
2011/08/31 21:10:31 [STATUS]Success to connect. 2011/08/31 21:10:31 [STATUS]Tunnel is configured. Ping test is about to start. 2011/08/31 21:10:31 [STATUS]Verifying Network... [code]...
I've tried the most common stuff. Enabling ICMP, checked that remote administration runs on port 443, changed MTU to 1400 manually, It allows fragmented packages too. Checked that IKE and IP Sec services are running. I've also tried both with windows firewall ON and OFF. A colleague of mine had the same problem in the same time frame as me, but after a while - he suddenly was able to connect. I still can't!!
