Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5188
Views
0
Helpful
8
Replies

ACS 5.2 what happens when log collector fails in a primary-secondary setup?

adrian_teo
Level 1
Level 1

‎04-17-2011 08:37 AM - edited ‎03-10-2019 06:00 PM

Hi All,

        I was wondering what happens when the log collector fails in a primary-secondary setup.

  1. Say i have a pair of ACS 5.2 and configured for primary and secondary setup. and the log collector is the primary ACS.
  2. All network devices are configured to use primary acs 1st for authentication, when primary acs fails it will use secondary acs.
  3. When primary 1 fails, and when a user wants to log into a network device, the aaa is send to secondary acs, will secondary acs log this in secondary acs since primary acs (log collector )fail?
  4. Is the above setup correct to achieve redundancy for AAA fuction and log collector function.
2 people had this problem
Labels:
0 Helpful
8 Replies 8

Erick Delgado
Level 1
Level 1

‎04-21-2011 05:51 PM

Hello,

The log collector will remain down until the server is back.

If the secondary have as log collector the primary and the primary will be down no logs will be available during that period.

I suggest to point as log collector himself so in that way both will be log collectors and both will shared the information.

Regards,

Erick Delgado

Cisco CSE

0 Helpful

mogli
Level 1
Level 1
In response to Erick Delgado

‎11-22-2011 08:40 AM

Hello,

so if i understand you correctly, there's actually no way that the log collector moves in an distributed deployment to another ACS Instance right? so in case of an longer outage of my log collector i have to manually choose another ACS instance for logging. but until i've done this i'm completely blind about what's going on in the network (right?)

sound's like that there is much room for improvement.... :-)

regards,

Bernhard

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to mogli

‎11-22-2011 06:00 PM

When the log collector is down authentications will succeed but the logs don't come back when the log collector comes back up. Essentially the logs get logged locally to a file on the system but there is no way to retrieve them and they don't sync down when the log collector comes back.

We have already an enhancement bug filed, CSCth66492, to change this behavior and sync those logs to the log collector when it recovers.

looks like this got fixed in ACS 5.3

Regards,

Jatin

Do rate helpful posts-

~Jatin
0 Helpful

andrea.meconi
Level 2
Level 2
In response to Jatin Katyal

‎03-28-2013 04:51 AM

Hello Jatin.

I'm reading bug details (CSCth66492).

I'm using ACS 5.4 with the last patch. I have two instance: one primary and one secondary.

Primary instance is configured as log collector.

When primary instance fails, devices continue to authenticate successfully on secondary instance but, when primary comes back I'm not able to find any authentication logs operated from secondary. I'm using RADIUS to test this.

Why?

Thanks.

Regards.

Andrea

0 Helpful

GARY HAHN
Level 1
Level 1
In response to andrea.meconi

‎02-20-2014 10:31 PM

Ditto, Andrea.  I don't see how this is fixed in 5.4.  -Gary

0 Helpful

andrea.meconi
Level 2
Level 2
In response to GARY HAHN

‎02-21-2014 12:48 AM

Goodmorning Gary.

From ACS 5.3 release notes.

View Log Message Recovery

ACS 5.3 provides a new feature to recover any logs that are missed when the view is down. ACS collects these missed logs and stores them in its database.

Using this feature, you can retrieve the missed logs from the ACS database to the view database after the view is up.

To use this feature, you must set the Log Message Recovery Configuration as on. For more details on configuring the View Log Message Recovery, see User Guide for Cisco Secure Access Control System 5.3.

This feature must be enabled, under Monitoring and Reports, Launch Monitoring & Report Viewer. Successivamente Monitoring Configuration, System Operations e Log Message Recovery.

Enable “Log to Local Target” for categories under System Administration > Configuration > Log Configuration > Logging Categories > Global.

Hope this helps.

Regards.

Andrea

0 Helpful

anil.kumark
Level 1
Level 1
In response to andrea.meconi

‎05-27-2019 02:32 AM

Our ACS was in deployment, Secondary ACS was working as a log collector.

 

Now we want to power off secondary ACS Server and we already made Primary ACS as log collector also.

 

Our requirement is to transfer all log files from secondary ACS to Primary one. So that we can see all older logs on Primary ACS if required.

 

So, Please share any known process for the same

0 Helpful

Jason Kunst
Cisco Employee
Cisco Employee
In response to anil.kumark

‎05-29-2019 01:10 PM

@kthiruve is our SME, i have reached out. Please do move to ISE

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents