cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2970
Views
5
Helpful
4
Replies

CSA Logs

scheived
Level 3
Level 3

I keep seeing this in my logs, can anyone tell me what I can do to stop them?

At Tue Oct 12 10:01:14 CDT 2010 on node 10.220.1.12, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Oct 12 10:01:02 CCMPUB local4 2 : 30426: CCMPUB: Oct 12 2010 10:01:02.954 -0500: %CSA-2-EVENT_ASVC_CONF_DENY: %[PID=4581][component=CiscoSecurityAgent] : The process '/bin/chown' (as user root(0) group root(0)) attempted to modify a Cisco Security Agent resource file /common/log/taos-log-b/syslog/csalog which is located in a Cisco directory. The operation was denied. [rule 287] AppID : Cisco Syslog Agent ClusterID : 

NodeID : CCMPUB

TimeStamp : Tue Oct 12 10:01:03 CDT 2010

4 Replies 4

mmendezv
Cisco Employee
Cisco Employee

What is the CallManager version?

cm version 8.0.3.20000-2

Seems you are running into a known defect: 

CSCti45564
SyslogSeverityMatchFound Alarm Fires for CSA Owner change

Symptom:
Alarm is being triggered saying that there is a security issue when there is not.

Workaround:
Disable CSA from cli "utils csa disable" to avoid the blocking.

You can review this information using the Bug Toolkit

(http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl) and the defect ID: CSCti45564

 

Looks like the versions this bug is fixed in aren't available for download yet,

can't wait though. I'll update when they are.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: