Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1963
Views
0
Helpful
6
Replies

what will happen if ACS database full !!!

Go to solution
Rps-Cheers
VIP
VIP

‎11-10-2018 08:53 AM - edited ‎03-11-2019 01:51 AM

Hi  everyone,

 

I have a issue that is about acs,these days,our acs occur a alarm is "Physical size of ACS db is more than 50% of its Actual Size".

I think it's bug CSCum51180,and i want to enter "acs-config" in CLI,to confirm acs database.But,when i issue " acsview show-dbsize", there is not any output,just like this:

----------------

acs23/acsadmin(config-acs)#acsview show-dbsize

acs23/acsadmin(config-acs)#

acs23/acsadmin(config-acs)#

---------------

So,i want to know is there any abnormal? And if the acs database full, what will be happened?whether we cannot access to ACS?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-10-2018 12:15 PM - edited ‎11-10-2018 12:24 PM

There should be protection mechanism so that it doesn’t fill up

 

i will confirm 

Please work with tac to troubleshoot

View solution in original post

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎11-12-2018 08:42 AM

I did not see the output of the acsview show db-size command.

The bug was fixed in 5.5 and 5.6.

The alarm should come up only with the size of disk is more than 1GB but it seemed to appear even before that.

Alarm was changed to warning.

 

In any case it would be good to compress and truncate transactional logs. Do it in a maintenance window just to make sure it does not impact users.

https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/command/reference/cli/cli_app_a.html#98188

 

Finally ACS 5.4 is EOL and End of Support

https://www.cisco.com/c/en/us/products/collateral/security/secure-access-control-system/eos-eol-notice-c51-732647.html

 

ISE is the next generation ACS. Please look at ACS to ISE migration for details how to migrate over to ISE

https://community.cisco.com/t5/security-documents/acs-to-ise-migration/ta-p/3644038

 

Thanks

Krishnan

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-10-2018 12:15 PM - edited ‎11-10-2018 12:24 PM

There should be protection mechanism so that it doesn’t fill up

 

i will confirm 

Please work with tac to troubleshoot

0 Helpful

Go to solution
Rps-Cheers
VIP
VIP
In response to Jason Kunst

‎11-11-2018 07:18 AM

But,there is not cisco contract about the device...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Rps-Cheers

‎11-11-2018 08:49 AM

We are checking internally to see. Recommendation would be to remove to Identity services engine with an update contract
0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎11-12-2018 08:42 AM

I did not see the output of the acsview show db-size command.

The bug was fixed in 5.5 and 5.6.

The alarm should come up only with the size of disk is more than 1GB but it seemed to appear even before that.

Alarm was changed to warning.

 

In any case it would be good to compress and truncate transactional logs. Do it in a maintenance window just to make sure it does not impact users.

https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/command/reference/cli/cli_app_a.html#98188

 

Finally ACS 5.4 is EOL and End of Support

https://www.cisco.com/c/en/us/products/collateral/security/secure-access-control-system/eos-eol-notice-c51-732647.html

 

ISE is the next generation ACS. Please look at ACS to ISE migration for details how to migrate over to ISE

https://community.cisco.com/t5/security-documents/acs-to-ise-migration/ta-p/3644038

 

Thanks

Krishnan

0 Helpful

Go to solution
Rps-Cheers
VIP
VIP
In response to Jason Kunst

‎11-14-2018 07:12 AM

Hi Jason,
Thanks a lot for your response.the error just as before i told.i plan to confirm the database usage by the command “acsview show-dbsize” for acs-config.But there is no any output,so i don‘t know the database space how to useage.in addition,I also worry about i cannot login the acs if the database full,or some other abnormal things.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Rps-Cheers

‎11-16-2018 09:38 AM

per sme o@kthiruve you need to truncate the logs and compress the database. You can do that first if you think the database is full independent of the output display of disk size.

 

0 Helpful
Customers Also Viewed These Support Documents