cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5521
Views
0
Helpful
8
Replies

ACS 5.2 what happens when log collector fails in a primary-secondary setup?

adrian_teo
Level 1
Level 1

Hi All,

        I was wondering what happens when the log collector fails in a primary-secondary setup.

  1. Say i have a pair of ACS 5.2 and configured for primary and secondary setup. and the log collector is the primary ACS.
  2. All network devices are configured to use primary acs 1st for authentication, when primary acs fails it will use secondary acs.
  3. When primary 1 fails, and when a user wants to log into a network device, the aaa is send to secondary acs, will secondary acs log this in secondary acs since primary acs (log collector )fail?
  4. Is the above setup correct to achieve redundancy for AAA fuction and log collector function.
8 Replies 8

Erick Delgado
Level 1
Level 1

Hello,

The log collector will remain down until the server is back.

If the secondary have as log collector the primary and the primary will be down no logs will be available during that period.

I suggest to point as log collector himself so in that way both will be log collectors and both will shared the information.

Regards,

Erick Delgado

Cisco CSE

Hello,

so if i understand you correctly, there's actually no way that the log collector moves in an distributed deployment to another ACS Instance right? so in case of an longer outage of my log collector i have to manually choose another ACS instance for logging. but until i've done this i'm completely blind about what's going on in the network (right?)

sound's like that there is much room for improvement.... :-)

regards,

Bernhard

When the log collector is down authentications will succeed but the logs don't come back when the log collector comes back up. Essentially the logs get logged locally to a file on the system but there is no way to retrieve them and they don't sync down when the log collector comes back.

We have already an enhancement bug filed, CSCth66492, to change this behavior and sync those logs to the log collector when it recovers.

looks like this got fixed in ACS 5.3

Regards,

Jatin

Do rate helpful posts-

~Jatin

Hello Jatin.

I'm reading bug details (CSCth66492).

I'm using ACS 5.4 with the last patch. I have two instance: one primary and one secondary.

Primary instance is configured as log collector.

When primary instance fails, devices continue to authenticate successfully on secondary instance but, when primary comes back I'm not able to find any authentication logs operated from secondary. I'm using RADIUS to test this.

Why?

Thanks.

Regards.

Andrea

Ditto, Andrea.  I don't see how this is fixed in 5.4.  -Gary

Goodmorning Gary.

From ACS 5.3 release notes.

View Log Message Recovery

ACS 5.3 provides a new feature to recover any logs that are missed when the view is down. ACS collects these missed logs and stores them in its database.

Using this feature, you can retrieve the missed logs from the ACS database to the view database after the view is up.

To use this feature, you must set the Log Message Recovery Configuration as on. For more details on configuring the View Log Message Recovery, see User Guide for Cisco Secure Access Control System 5.3.

This feature must be enabled, under Monitoring and Reports, Launch Monitoring & Report Viewer. Successivamente Monitoring Configuration, System Operations e Log Message Recovery.

Enable “Log to Local Target” for categories under System Administration > Configuration > Log Configuration > Logging Categories > Global.

Hope this helps.

Regards.

Andrea

Our ACS was in deployment, Secondary ACS was working as a log collector.

 

Now we want to power off secondary ACS Server and we already made Primary ACS as log collector also.

 

Our requirement is to transfer all log files from secondary ACS to Primary one. So that we can see all older logs on Primary ACS if required.

 

So, Please share any known process for the same

@kthiruve is our SME, i have reached out. Please do move to ISE