Chapter 15 Managing System Operations and Configuration in the Monitoring & Report Viewer

Recovering Log Messages

The ACS server sends syslog messages to the Monitoring and Report Viewer for activities such as passed authentications, failed attempts, authorization, accounting, and so on.

Each syslog message has a sequence number attached. If the Monitoring and Report Viewer goes down, or if it is unable to receive messages from ACS, it retrieves the missed logs from ACS using the logging recovery mechanism.

The Monitoring and Report Viewer processes the syslog messages and identifies any discrepancies in the sequence. In this way, it finds the messages that have been missed.

The Monitoring and Report Viewer then notifies the ACS server to resend the missing log messages. The ACS server processes the messages stored in its local store and resends them to the Monitoring and Report Viewer.

Note: For the Recovering Log Messages feature to work as desired, you must enable the Log to Local Target option for the relevant logging categories in ACS under System Administration > Configuration > Log Configuration > Logging Categories > Global.

To enable Recovering Log Messages, from the Monitoring & Report Viewer, select Monitoring Configuration > System Operations > Log Message Recovery.

Table 15-5 Log Message Recovery Page

Option: Description

Log Message Recovery Option
    On: Enable the log message recovery feature.
    Off: Disable the log message recovery feature.

Configure Log Message Recovery Intervals
    Run Every Minute(s): Set the interval, in minutes, at which the recovery should happen.
    Run Every Hour(s): Set the interval, in hours, at which the recovery should happen.

Configure Missing Entry count to be re-sent by Collector
    No.of Missing Entries to be re-sent by Collector during recovery at a time: Maximum number of missing entries that can be sent by the ACS server at a time. The default limit is 1000 and the maximum limit is 9999. If you set a value higher than this, ACS performance might go down.

Note: View logging recovery will not retrieve the missed logs when the View Logging Recovery feature is disabled and the view is down.
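The sequence-gap detection and batched resend described in this section can be sketched as follows. This is an added example, not Cisco code: the "<sequence> <text>" message layout, the sample messages, and the function names are assumptions made for illustration; only the default batch size of 1000 and the 9999 maximum come from Table 15-5.

```python
import re

# Constructed layout "<sequence> <text>"; the real ACS syslog format is not shown on this page.
SEQ_RE = re.compile(r"^(\d+)\s")

SAMPLE = [  # constructed messages, as a collector might receive them
    "101 Passed authentication user=alice",
    "102 Failed attempt user=bob",
    "105 Accounting start user=alice",
    "104 Authorization user=carol",         # arrived out of order
    "105 Accounting start user=alice",      # duplicate delivery
    "109 Passed authentication user=dave",
]

def find_missing(lines, last_seen):
    """Return sorted sequence numbers absent between last_seen and the highest received."""
    received = set()
    for line in lines:
        m = SEQ_RE.match(line)
        if m:                                # lines without a sequence number are ignored
            received.add(int(m.group(1)))
    newer = [s for s in received if s > last_seen]
    if not newer:
        return []                            # nothing newer arrived, so no gap is visible yet
    return [s for s in range(last_seen + 1, max(newer) + 1) if s not in received]

def to_ranges(missing):
    """Collapse sorted sequence numbers into inclusive (start, end) ranges for reporting."""
    ranges = []
    for seq in missing:
        if ranges and seq == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], seq)
        else:
            ranges.append((seq, seq))
    return ranges

def resend_batches(missing, batch_size=1000):
    """Split the missing entries into resend requests of at most batch_size entries."""
    if not 1 <= batch_size <= 9999:          # 1000 default and 9999 maximum per Table 15-5
        raise ValueError("batch size must be between 1 and 9999")
    return [missing[i:i + batch_size] for i in range(0, len(missing), batch_size)]

if __name__ == "__main__":
    gaps = find_missing(SAMPLE, last_seen=100)
    print("missing ranges:", to_ranges(gaps))
    for batch in resend_batches(gaps, batch_size=3):
        print("request resend of", batch)
```

A gap at the tail of the stream (messages lost after the highest sequence number received) only becomes visible once a later message arrives, which is one reason the recovery runs on a recurring interval.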

Viewing Scheduled Jobs

Use this page to view the scheduled jobs.

From the Monitoring & Report Viewer, select Monitoring Configuration > System Operations > Scheduler.
User Guide for Cisco Secure Access Control System 5.3

OL-24201-01