04-17-2011 08:37 AM - edited 03-10-2019 06:00 PM
Hi All,
I was wondering what happens when the log collector fails in a primary-secondary setup.
04-21-2011 05:51 PM
Hello,
The log collector will remain down until the server is back.
If the secondary have as log collector the primary and the primary will be down no logs will be available during that period.
I suggest to point as log collector himself so in that way both will be log collectors and both will shared the information.
Regards,
Erick Delgado
Cisco CSE
11-22-2011 08:40 AM
Hello,
so if i understand you correctly, there's actually no way that the log collector moves in an distributed deployment to another ACS Instance right? so in case of an longer outage of my log collector i have to manually choose another ACS instance for logging. but until i've done this i'm completely blind about what's going on in the network (right?)
sound's like that there is much room for improvement.... :-)
regards,
Bernhard
11-22-2011 06:00 PM
When the log collector is down authentications will succeed but the logs don't come back when the log collector comes back up. Essentially the logs get logged locally to a file on the system but there is no way to retrieve them and they don't sync down when the log collector comes back.
We have already an enhancement bug filed, CSCth66492, to change this behavior and sync those logs to the log collector when it recovers.
looks like this got fixed in ACS 5.3
Regards,
Jatin
Do rate helpful posts-
03-28-2013 04:51 AM
Hello Jatin.
I'm reading bug details (CSCth66492).
I'm using ACS 5.4 with the last patch. I have two instance: one primary and one secondary.
Primary instance is configured as log collector.
When primary instance fails, devices continue to authenticate successfully on secondary instance but, when primary comes back I'm not able to find any authentication logs operated from secondary. I'm using RADIUS to test this.
Why?
Thanks.
Regards.
Andrea
02-20-2014 10:31 PM
Ditto, Andrea. I don't see how this is fixed in 5.4. -Gary
02-21-2014 12:48 AM
Goodmorning Gary.
From ACS 5.3 release notes.
View Log Message Recovery
ACS 5.3 provides a new feature to recover any logs that are missed when the view is down. ACS collects these missed logs and stores them in its database.
Using this feature, you can retrieve the missed logs from the ACS database to the view database after the view is up.
To use this feature, you must set the Log Message Recovery Configuration as on. For more details on configuring the View Log Message Recovery, see User Guide for Cisco Secure Access Control System 5.3.
This feature must be enabled, under Monitoring and Reports, Launch Monitoring & Report Viewer. Successivamente Monitoring Configuration, System Operations e Log Message Recovery.
Enable “Log to Local Target” for categories under System Administration > Configuration > Log Configuration > Logging Categories > Global.
Hope this helps.
Regards.
Andrea
05-27-2019 02:32 AM
Our ACS was in deployment, Secondary ACS was working as a log collector.
Now we want to power off secondary ACS Server and we already made Primary ACS as log collector also.
Our requirement is to transfer all log files from secondary ACS to Primary one. So that we can see all older logs on Primary ACS if required.
So, Please share any known process for the same
05-29-2019 01:10 PM
@kthiruve is our SME, i have reached out. Please do move to ISE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide