· Take a look at the logs. Generally, I start with the ipics.log, but there are several important logs in the system.
· SSH into the server as root
(Since 2.2 or maybe 4.0) In root's home directory, there is a folder called logs (/root/logs). It contains symlinks to the most common logs we use. The most common are found at the top of the folder, while the less common ones are found in the sub-folders below. This makes it really easy to watch the system in near real-time with the command:
tail -F ~/logs/*
· To get a general idea of what went wrong, let's look for unique error messages. The following command will distill a 7000-line log file down to a short list of error messages, with the option to further filter the results using egrep:
· Then use grep to look for interesting keywords you got from the first query to understand the context of the error and whether it is worth investigating. The following command will show you all occurrences of "InterestingKeyword" plus 5 lines of context above and below the matching line:
grep -C5 "InterestingKeyword" ipics.log
· There is a lot of noise in the logs, so it is nice to compare with another server to see what is "normal".
· If you don't see anything related to the symptom you are debugging, expand your search to the other logs:
o ~/logs/catalina.out - This is where your thread dumps go, and where general Tomcat (usually non-IPICS) errors show up.
o ~/logs/stdout.log and ~/logs/stderr.log - Sometimes you find stuff in here, but since it isn't timestamped, it is difficult to correlate with the other logs.
o ~/logs/edr.log - If your problem is related to HA setup or tear-down.
o Then start looking at subsystem logs like nm.log, rcs.log, dms.log, engine.out, and the MIVR logs.
o ~/logs/os/latest/ - The install logs
o Use get_all_logs to take a snapshot of all the system logs before they roll over. If you are on an HA system, remember to run it on the secondary too.
· Be careful not to modify the ipics.log while the server is running. Always copy the log to /tmp before you make any changes or filter out lines. To prevent accidental changes, open logs read-only with "vi -R ipics.log".
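One way to produce the kind of unique-error summary described in the steps above, as an added example (it is not the author's original command, which does not appear on this page). It assumes log lines begin with a "YYYY-MM-DD HH:MM:SS,mmm" timestamp and carry a severity word such as ERROR, FATAL or WARN; the function name distill_errors and the sample lines are constructed for illustration, and the function works on a copy in /tmp so the live log is never touched.

```shell
#!/bin/sh
# Added example, not the page's own command.
# Assumptions: lines begin "YYYY-MM-DD HH:MM:SS,mmm" and contain a severity
# word (ERROR, FATAL, WARN) or "Exception"; the real ipics.log layout may differ.

# distill_errors LOGFILE [EGREP_PATTERN]
# Prints "count message" per distinct error message, most frequent first.
distill_errors() {
    src=$1
    filter=${2:-.}                      # no pattern given: keep every message
    work=$(mktemp /tmp/logcopy.XXXXXX) || return 1
    # Work on a copy so the live log is never opened for writing.
    cp -- "$src" "$work" || { rm -f "$work"; return 1; }
    # sed steps, in order: drop the timestamp, drop [thread] tags, mask hex
    # values, mask decimal numbers (ids, ports, IPs), collapse repeated spaces.
    grep -E 'ERROR|FATAL|WARN|Exception' "$work" |
        sed -E \
            -e 's/^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9:,.]+ *//' \
            -e 's/\[[^]]*\]//g' \
            -e 's/0x[0-9a-fA-F]+/HEX/g' \
            -e 's/[0-9]+/N/g' \
            -e 's/  +/ /g' |
        grep -E -- "$filter" |
        sort | uniq -c | sort -rn |
        sed -E 's/^ +//'
    rm -f "$work"
}

# Constructed sample input (not real IPICS output).
sample=$(mktemp /tmp/sample.XXXXXX)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
2021-03-01 10:00:01,123 INFO  [main] Server started
2021-03-01 10:00:05,456 ERROR [http-8443-1] Login failed for session 1021
2021-03-01 10:00:09,789 ERROR [http-8443-7] Login failed for session 1188
2021-03-01 10:01:12,001 WARN  [rmi-3] Connection to 10.1.2.3 timed out after 30 s
2021-03-01 10:02:44,310 ERROR [http-8443-2] Login failed for session 1290
EOF

distill_errors "$sample"             # every distinct error message with its count
distill_errors "$sample" 'Login'     # same summary, narrowed with an egrep pattern
```

Because variable parts (session ids, addresses, thread names) are masked before counting, repeated occurrences of the same fault collapse into one line; feed a keyword from that line to the grep -C5 step to see each occurrence in context.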
Where to begin?
There are a number of useful diagnostic tools you can use, such as:
versions - Dumps the version data for the OS, WAR, and IPICS RPMs
service ipics status - Overall system status
service ipics ha-status - HA status
top-ipics - Good for watching performance of IPICS-related processes
/opt/cisco/ipics/security/checksec - Gives SSH/SSL trust status and diagnoses some common problems.
/opt/cisco/ippe/bin/systat - Gives overall system status and diagnoses some common problems.