01-20-2011 05:54 AM - edited 03-10-2019 05:44 PM
Hi everyone.
I have a single primary-secondary design using ACS 5, and everything runs smootlhy. I have a couple of doubts, and made some research, but nothing was clear enough about this:
- Why am I not able to get access to Monitoring & Report Viewer from my secondary box? When I do this, I'm redirected to login to primary box. Is this an expected behavior?
- If so, what should I do if my primary box goes down? Should I promote manually my secondary box to primary? Or is there a way to allow both ACS to have these logs?
- Another situation: My primary box goes down in the middle of the night and I only notice it in the morning. What happens to the logs in this time? Are these lost?
That's pretty much it for now.
Thanks a bunch
- Victor Alves
Solved! Go to Solution.
01-21-2011 04:04 AM
Hi Victor,
If you are unable to get access to Monitoring & Report Viewer from your secondary box and are redirected to login to primary box.This is expected behavior if your Primary server is defined as log collector.
Either a primary server or one of the secondary servers can function as a logging server.The logging server receives the logs from the primary server and all the ACS secondary servers in the deployment.
You can also configure another server as Syslog server(ex Remote Syslog server target) in addition to the logcollector.
The log collector failover process is manual and not automated.If your primary server defined also as log collector goes down, you may then want to promote the secondary server to primary and then manually set it as log collector:ACS GUI>System Administration>Configuration>Log Configuration>Log Collector
A possible workaround for this issue is to allocate one of the ACS secondary servers as the Monitoring and Report server as per Cisco documentation links included below.
For a situation with primary server configured as log collector is down, the logging will not be available following that instance.
For any db/corruption issues, if you have valid backups prior to failure, you would be able to use the restore functionality to have the information prior to the acs services going down.
For reference links:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_deploy.html#wp1104098
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/logging.html
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1888749
HTH,
Please let us know if any pending concerns.
Thanks,
Alex
01-21-2011 04:04 AM
Hi Victor,
If you are unable to get access to Monitoring & Report Viewer from your secondary box and are redirected to login to primary box.This is expected behavior if your Primary server is defined as log collector.
Either a primary server or one of the secondary servers can function as a logging server.The logging server receives the logs from the primary server and all the ACS secondary servers in the deployment.
You can also configure another server as Syslog server(ex Remote Syslog server target) in addition to the logcollector.
The log collector failover process is manual and not automated.If your primary server defined also as log collector goes down, you may then want to promote the secondary server to primary and then manually set it as log collector:ACS GUI>System Administration>Configuration>Log Configuration>Log Collector
A possible workaround for this issue is to allocate one of the ACS secondary servers as the Monitoring and Report server as per Cisco documentation links included below.
For a situation with primary server configured as log collector is down, the logging will not be available following that instance.
For any db/corruption issues, if you have valid backups prior to failure, you would be able to use the restore functionality to have the information prior to the acs services going down.
For reference links:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_deploy.html#wp1104098
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/logging.html
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1888749
HTH,
Please let us know if any pending concerns.
Thanks,
Alex
01-21-2011 04:29 AM
That surely addresses everything.
Thanks for your help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide