08-08-2011 03:58 AM - edited 03-10-2019 06:17 PM
Hi,
We running ACS 5.2.x and need to collect the below log file;
var/log/ade/ADE.log
I know this should be taken while loging to ADE/Linux root, but I'm remember how to loging as I havent created and service account (as IPS). Appreciate if someone can let me know how to login to root and collect/copy those logs files.
thanks
Solved! Go to Solution.
10-25-2011 10:50 AM
Hi,
The syntax for the url for the NFS and FTP doesn’t look right to me. The syntax should be:
For FTP:
url ftp://server/path
For example, url ftp://10.52.25.11/
Or
url ftp://10.52.25.11/
or
url ftp://10.52.25.11/ftp if ftp is the subdirectory.
For NFS:
url nfs://server:path
You can see the reference guide for the CLI from the link below.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1895920
Hope it helps.
Regards,
Cam
08-08-2011 07:15 AM
Hi,
In order to log in as root and have access to Linux commands/files, you’ll need the Root patch which can only provided by TAC.
But if your goal is to get the ADE.log file, you can collect the ACS Bundle Logs from the ACS GUI in the Monitoring & Reports window under Troubleshoot – ACS Bundle Logs. The ACS Bundle Logs include ADE.log file as well.
Regards,
Cam
08-08-2011 01:17 PM
Hi Cam,
Thanks for the reply. I did select the followings: Debug Logs, Local logs, system logs and it saved on as zip file, when I extracted it shows as "filename.tar.gpg".
- is ADE.log file included in the above logs
- how do I open the ADE.log file seperately
thanks
08-08-2011 02:07 PM
Hi,
It looks like you had collected the ACS bundle logs with the “Encrypt Support Bundle” option checked. Since you’re using ACS 5.2, when you collect the ACS bundle logs, there are options to Encrypt the logs or not. By default, “Encrypt Support Bundle” is checked. Please uncheck this and you’ll get the non-encrypted logs. After that, you can open it as a zip file without having to decrypt it.
Regards,
Cam
08-09-2011 12:41 PM
HI Cam,
Yes, this time I succeeded to collect the logs and thanks for your correct instruction. However my intension was to find out the error while I'm not able to do the backup.
I have configured a repository and configured scheduled backup, but for some reason it doest not happned (nothing seen on the specified backup folder). Attached screen shows my backup configuration.
But I stil could not find the exact issue from the below error messages.
01:56:01 acs01-cc4 MSGCAT52102/root: Scheduled backup starting on primary instance.
Aug 8 01:56:01 acs01-cc4 debugd[2953]: hangup signal caught, configuration read
Aug 8 01:56:01 acs01-cc4 debugd[2953]: successfully loaded debug config
Aug 8 01:56:07 acs01-cc4 MSGCAT58010/root: info:[ACS backup] ACS backup completed
Aug 8 01:56:19 acs01-cc4 logger: [backup-app.sh] backup file acs01-cc4-Backup-110808-0156.tar.gpg successfully created
Aug 8 01:56:19 acs01-cc4 debugd[2953]: [29408]: transfer: cars_xfer.c[124] [daemon]: tftp copy out of /opt/backup/backup-acs01-cc4-Backup-110808-0156-1312768561/acs01-cc4-Backup-110808-0156.tar.gpg requested
Aug 8 01:56:44 acs01-cc4 debugd[2953]: [29408]: transfer: cars_xfer_util.c[656] [daemon]: TFTP transfer error: 17664
Aug 8 01:56:44 acs01-cc4 debugd[2953]: [29408]: backup-restore:backup: br_backup.c[528] [daemon]: backup acs01-cc4-Backup-110808-0156 copy out failed
Aug 8 01:56:44 acs01-cc4 MSGCAT52105/root: Scheduled backup failed due to internal error. Please check ADE.log for more details.
Aug 8
08-10-2011 08:45 AM
Hi,
From the errors you provided, it looks like the backup file was successfully created and the backup was complete, but it failed while trying to transfer the file to the TFTP server. Do you see at that time the ACS tried to log in and transfer the file on the TFTP server? Was there any error on the TFTP server at that time? It could be that the backup file is bigger than the limitation in file size for TFTP, so you might want to try using an FTP server instead of TFTP.
You can create a repository on the ACS CLI pointing to the same TFTP server and do a manually backup via the CLI to see if that’s successful or not.
Here’s the command to create a repository via CLI:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1895920
Here’s the command to do a manual backup of the ACS configuration data via the CLI:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1886805
If the manual backup works with the same TFTP server, but the scheduled backup doesn’t, then you’ll probably need to open a TAC case and TAC can apply the root patch to see if there’re any residual files in the directory that the ACS uses for scheduled backups. The presence of these files (left from a previous backup) can prevent a scheduled backup from happening, so they need to be removed. But please try the manual backup first.
Regards,
Cam
10-24-2011 01:17 AM
HI Cam,
After a long delay I again started backing up of ACS configuration and data. I have tried with ftp/tftp/nsf, all looks backing up when I check show backup history in CLI but it does not transfer the file to my defined location of external server.
Here is what I see when doing manual backup in CLI
acs01-cc4/admin# backup myback repository ACSBackupTest (via FTP)
% Creating backup with timestamped filename: myback-111024-1028.tar.gpg
% File transfer error
acs01-cc4/admin# backup mybackup repository ACSBackup (via TFTP)
% Creating backup with timestamped filename: mybackup-111024-1031.tar.gpg
Error code 2: Access violation
Here is the output of show backup history
Mon Oct 24 09:39:23 AST 2011: backup acs01-cc4-Backup-111024-0939.tar.gpg to repository ACSBackup: success
Mon Oct 24 10:05:25 AST 2011: backup acs01-cc4-Backup-111024-1005.tar.gpg to repository ACSBackupTest:error - transfer faile
d
Mon Oct 24 10:10:23 AST 2011: backup acs01-cc4-Backup-111024-1010.tar.gpg to repository ACSBackupTest: error - transfer faile
d
Mon Oct 24 10:15:23 AST 2011: backup acs01-cc4-Backup-111024-1015.tar.gpg to repository ACSBackupTest: error - transfer faile
d
Mon Oct 24 10:30:34 AST 2011: backup myback-111024-1028.tar.gpg to repository ACSBackupTest: error - transfer failed
Mon Oct 24 10:33:25 AST 2011: backup mybackup-111024-1031.tar.gpg to repository ACSBackup: success
Here is the log from ADE.log file
--------------------------------------------
Oct 24 09:39:09 acs01-cc4 MSGCAT58010/root: info:[ACS backup] ACS backup completed
Oct 24 09:39:23 acs01-cc4 logger: [backup-app.sh] backup file acs01-cc4-Backup-111024-0939.tar.gpg successfully created
Oct 24 09:39:23 acs01-cc4 debugd[2772]: [32365]: transfer: cars_xfer.c[124] [daemon]: tftp copy out of /opt/backup/backup-acs01-cc4-Backup-111024-0939-1319438341/acs01-cc4-Backup-111024-0939.tar.gpg requested
Oct 24 09:39:23 acs01-cc4 debugd[2772]: [32365]: backup-restore:backup: br_backup.c[537] [daemon]: application component backup acs01-cc4-Backup-111024-0939.tar.gpg to repository ACSBackup: success
Oct 24 09:39:23 acs01-cc4 MSGCAT52106/root: Scheduled backup successfully complete
Bellow screen shots show the configuration on GUI, in the path it only accepts starting /
However I found some replies on Netpro some says its a bug: (ID:CSCtn78315) and some say it will work when patch 7 is applied.
Is there a way that we can access the root using Root patch and make sure these backup files are exist and then copy from some other way..?
Appreciate if you can provide some workable solution to this issue please.
thanks
10-24-2011 11:42 AM
Hi,
On the ACS CLI, when you do “show repository ” of the repository that had the transfer error, do you see the output listing all of the files in that directory? If you do, then the ACS can read the repository. If you get an error, that means the ACS can’t read the repository.
The error is the transfer error, so it looks like the write to the FTP server at that directory path (that you configured on the ACS GUI – Software Repository) is not working. Does the user that you’re using for the ACS to access the FTP server have all read and write permissions to that directory on the FTP server?
The bug you mentioned is fixed in ACS 5.3. I don’t see any documentation that it’s fixed in ACS 5.2 patch 7 or patch 8.
For the root patch, you will need to open a TAC case and TAC can provide the root patch and help you with this issue. With the root patch, you’ll be able to use FTP or SFTP Linux commands to see if you can manually transfer the files to the FTP server.
Regards,
Cam
10-24-2011 02:13 PM
HI Cam,
Thank you very much for your time on reply me back.
I did the show repository on each repository I configured and below is the output.
acs01-cc4/admin# show repository ACSBackup (using tftp)
% Protocol does not support listing directories
acs01-cc4/admin# show repository ACSBackupTest2 (using nsf)
% Error mounting NFS location
acs01-cc4/admin# show repository ACSBackupTest (using ftp)
% Error reading directory on remote server
acs01-cc4/admin#
Here is the repository config.
repository ACSBackup
url tftp://10.52.21.11/ACSBackup
repository ACSBackupTest
user test password hash 5c5e7693883c95ea7b6184e4d61e97716666823f
repository ACSBackupTest2
url nfs://10.52.17.11:/MARSBackup
user Administrator password hash da55242db997aaf87f78832a7e4e8901c354339e
I tested with tftp and was able to copy running-config on firewall which is in the same subnet of ACS and it was successful, but I did not test with nsf and ftp though.
However it's understood that we have some file writing issue from these repositories, kindly advise me how I can overcome this issue.
Thanks a lot once again for your time and reply me on this.
10-25-2011 10:50 AM
Hi,
The syntax for the url for the NFS and FTP doesn’t look right to me. The syntax should be:
For FTP:
url ftp://server/path
For example, url ftp://10.52.25.11/
Or
url ftp://10.52.25.11/
or
url ftp://10.52.25.11/ftp if ftp is the subdirectory.
For NFS:
url nfs://server:path
You can see the reference guide for the CLI from the link below.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1895920
Hope it helps.
Regards,
Cam
11-08-2011 11:05 PM
`Hi Cam,
Many thanks for your response and sorry for long delay of my reply...!
Glad to inform you that it has been resolved. As you mentioned it was the syntax error when we spcify the ftp path.
In CLI of ACS we have to mention it as follow:
repository ACSBackup
url ftp://10.52.X.X
user test password xxxxx
but in GUI of ACS backup configuration we have to mention just backslah (/) only and you should point the folder in the ftp server.
I have documented the same in the attached document for any body's reference.
Thanks for your time and patiention on replying my querries.
11-09-2011 08:59 AM
Hi,
I’m glad the issue has been resolved.
You have a wonderful day!
Regards,
Cam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide