
ACS 5.5 and disappearing logs

andrewswanson
Level 7

Hello

I'm having issues with logging on a Cisco ACS 5.5.0.46 cluster. Cluster has been upgraded from latest 5.3 ACS to 5.5.

After upgrading to 5.5 logging was working fine. Monitoring and Reports had historical logs and was logging live/current authentications.

A few weeks back there was an issue outlined in the post below:

https://supportforums.cisco.com/thread/2264123?tstart=30

Logging on the log collector stopped working. After restarting the logging process in the cluster, logging on the log collector started working again and I restored the missing logs from backup.

A few days ago the log collector stopped working again - no logs at all (nothing live or historic). I restarted the log collector ACS VM and it started logging again but logs prior to the restart are missing.

The ACS cluster is logging to syslog but I really need to have reliable logs on the ACS.

I'm aware of a recent patch for 5.5 but the release notes don't seem to mention the above issue.

Is it worth patching 5.5 or roll back to 5.4?

Thanks
andy

3 Replies

andrewswanson
Level 7

I noticed that when the issue occurred, the log collector had somehow disabled Incremental Backup. I re-enabled this and ran a full backup. This took longer than expected (as I could only see today's logs on the log collector). When finished, the backup file size on the FTP server was nearly 9GB - when I checked the log collector I could see all the historic logs had reappeared!

When the backup finished, the primary ACS in the cluster pegged at 100% CPU - I'll open a TAC case for this.

Cheers

Andy

Jatin Katyal
Cisco Employee

Andy,

Do you have the log recovery option enabled? In the Monitoring and Report Viewer, select Monitoring Configuration > System Operations > Log Message Recovery.

For more information, go through the link below:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.5/user/guide/viewer_sys_ops.html#wp108302

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi Jatin

Yes, this option is enabled but isn't this for when the log-collector is briefly unavailable to receive logs from other ACS servers in the cluster? 180 days worth of logs were going missing from the log collector and then reappearing.

Thanks

Andy