Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1178
Views
23
Helpful
9
Replies

Remote Agent issue with ACS 4.2

Go to solution
vishweswaran.k
Level 1
Level 1

‎03-19-2013 12:42 AM - edited ‎03-10-2019 08:12 PM

Dear All,

We have ACS 4.2.0.124 runnning with remote agent installed on win 2003/32 bit ent server. Now we are facing issue like logs (daily backup) from ACS to the Remote Agent is not happening properly. We usually get logs around 1 MB everyday in remote agent but sometimes we are getting 1 KB continuosly untill the services to be restarted in ACS manually. Any quick help is appreciated.

ACS and Remote Agent, version and patches are same.

Thanks in advance ...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to vishweswaran.k

‎03-20-2013 03:42 AM

CSLogAgent is the logging service. CSAgent controls the logging service but receives logging data from appliances directly. When CSLogAgent starts, it requests its configuration from the configuration provider specified in the CSAgent.ini file. After it has received its configuration, it is ready to perform logging services. If CSLogAgent encounters problems receiving its configuration from the configuration provider, it restarts periodically until it succeeds in receiving its configuration.

When a remote agent starts, it reads its CSAgent.ini file to determine which services should be available and which appliance is its configuration provider. Then it contacts the configuration provider and requests its configuration.

Ports—By default, CSLogAgent listens to TCP port 2006 for communication with the configuration provider and on TCP port 2007 for accounting data from any permitted appliance.

What is the full version of ACS appliance? You can check this under system configuration >> appliance upgrade status.

In order to generate some logs on demand.

Go to reports and activities > administration audits > click refresh/reload few times.

From the RA server collect the below listed files.

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSLogAgent\Logs

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSAgent.ini

Jatin Katyal


- Do rate helpful posts -

~Jatin

View solution in original post

9 Replies 9

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎03-19-2013 02:01 AM

When the remote agent not logging, what is the remote agent service status? is it running? or stopped?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎03-19-2013 03:29 AM

Further to Amjad's reply, try to grab CSLOG file from the server running remote agent.

Jatin Katyal


- Do rate helpful posts -

~Jatin

Go to solution
vishweswaran.k
Level 1
Level 1
In response to Jatin Katyal

‎03-19-2013 11:21 PM

we have installed this on appliance. how will i get CSLog ..?

0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to vishweswaran.k

‎03-20-2013 12:18 AM

The remote agent logs are saved in the remote agent installation directory (usually in C:\program files\Cisco\CiscoSecure ACS Agent directory). In CSLogAgent\Logs directory.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
murugananthamamir
Level 1
Level 1
In response to Amjad Abdullah

‎03-20-2013 12:28 AM

        .

0 Helpful

Go to solution
vishweswaran.k
Level 1
Level 1
In response to Jatin Katyal

‎03-20-2013 12:44 AM

In CSLog file we are seeing pass and fail status. how to find the miscommunication between acs and remote agent..? any bug which is hitting to this version 4.2 ..?how the logs are stored in remote agent ? what protocol is been used for this communication ? pls help...

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to vishweswaran.k

‎03-20-2013 03:42 AM

CSLogAgent is the logging service. CSAgent controls the logging service but receives logging data from appliances directly. When CSLogAgent starts, it requests its configuration from the configuration provider specified in the CSAgent.ini file. After it has received its configuration, it is ready to perform logging services. If CSLogAgent encounters problems receiving its configuration from the configuration provider, it restarts periodically until it succeeds in receiving its configuration.

When a remote agent starts, it reads its CSAgent.ini file to determine which services should be available and which appliance is its configuration provider. Then it contacts the configuration provider and requests its configuration.

Ports—By default, CSLogAgent listens to TCP port 2006 for communication with the configuration provider and on TCP port 2007 for accounting data from any permitted appliance.

What is the full version of ACS appliance? You can check this under system configuration >> appliance upgrade status.

In order to generate some logs on demand.

Go to reports and activities > administration audits > click refresh/reload few times.

From the RA server collect the below listed files.

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSLogAgent\Logs

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSAgent.ini

Jatin Katyal


- Do rate helpful posts -

~Jatin

Go to solution
vishweswaran.k
Level 1
Level 1
In response to Jatin Katyal

‎03-20-2013 04:21 AM

Its running with 4.2.1.15 and patch is 9. In RA also same. We are getting CSLogAgent logs and not seeing any disconnection kind of errors but in Logs directory, like failed attempts, Passed authentication ... n all sometimes not logging properly. means empty notepad with 1KB. CSAgent.ini configs are proper. Any suggestion..?

0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Jatin Katyal

‎03-20-2013 04:25 AM

Nice explanation Jatin

+5 is least thing we can provide.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Customers Also Viewed These Support Documents