Thank you for replying.

That's interesting.

In my case I shut down ACS-A. And, from ACS-B GUI, I saw after clicking on logs – it goes to ACS-A (you see this clearly in browser address bar)!

Now, since ACS-A is shut down you cannot possibly get it in browser A and not in browser B. Maybe Cisco guys can clarify this.

Alex, that's what I am thinking that why we're talking about browser's here

Let me attempt to answer your question; in order to restore logging, as soon as primary is down, login to secondary device, de-register it from primary (THIS STEP WOULD RESTART THE SERVICES) and change the logging server to point to itself. Once a device becomes standalone, it'll be the log collector for itself unless you specify a syslog server.

All new authentications will start getting logged on to secondary ACS because currently it's a log collector. The old logs that were on dead master cannot be viewed from secondary.

After primary fails and before secondary is made standalone or new primary, you'll not be able to monitor logs. Since primary is configured as log server in your secondary servers, when you launch monitoring and reports page, it'll launch monitoring and reports from primary device and as primary is down, you'll not be able to view logs.

However, you can enable Log message recovery option in ACS so that the missing entries can be resent to log collector when it's up and running.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/viewer_sys_ops.html#wp1083029

Let me know if you have any query/concern.

~BR
Jatin Katyal

**Do rate helpful posts**

Did that help you understanding and resolving your query? Let us know if you have any further questions.

~BR
Jatin Katyal

**Do rate helpful posts**

Hi,

Thank You.

Yes, this answers my question on a technical level. From a user viewpoint, it's disappointing though. A well-established system should make logs available unrelated to any physical machine failure, in my opinion.