Chapter 18 Managing System Administration Configurations

Configuring Logs

Viewing ADE-OS Logs

The logs listed in Table 18-22are written to the ADE-OS logs. From the ACS CLI, you can use the following command to view the ADE-OS logs:

show logging system

This command lists all the ADE-OS logs and your output would be similar to the following example.

Sep 29 23:24:15 cd-acs5-13-179 sshd(pam_unix)[20013]: 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95

user=admin

Sep 29 23:24:34 cd-acs5-13-179 sshd(pam_unix)[20017]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95 user=ad

min

Sep 29 23:24:36 cd-acs5-13-179 sshd[20017]: Failed password for admin from 10.77.137.95 port 3635 ssh2

Sep 30 00:47:44 cd-acs5-13-179 sshd(pam_unix)[20946]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95 user=ad

min

Sep 30 00:47:46 cd-acs5-13-179 sshd[20946]: Failed password for admin from 10.77.137.95 port 3953 ssh2

Sep 30 00:54:59 cd-acs5-13-179 sshd(pam_unix)[21028]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95 user=ad

min

Sep 30 00:55:01 cd-acs5-13-179 sshd[21028]: Failed password for admin from 10.77.137.95 port 3962 ssh2

Sep 30 00:55:35 cd-acs5-13-179 last message repeated 5 times

Sep 30 00:55:39 cd-acs5-13-179 sshd[21028]: Accepted password for admin from 10.77.137.95 port 3962 ssh2

Sep 30 00:55:39 cd-acs5-13-179 sshd(pam_unix)[21038]: session opened for user admin by (uid=0)

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: hangup signal caught, configuration read

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: successfully loaded debug config

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: [21043]: utils: cars_shellcfg.c[118] [admin]: Invoked carsGetConsoleConfig

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: [21043]: utils: cars_shellcfg.c[135] [admin]:

No Config file,

returning defaults

Sep 30 01:22:20

cd-acs5-13-179

sshd[21038]: Received disconnect from 10.77.137.95: 11:

Connection discarded by broker

 

Sep 30 01:22:20

cd-acs5-13-179

sshd(pam_unix)[21038]: session closed for user admin

Sep 30 01:22:22

cd-acs5-13-179

debugd[2597]: hangup signal caught, configuration read

Sep 30 01:22:22

cd-acs5-13-179

debugd[2597]: successfully loaded debug config

Sep 30

02:48:54

cd-acs5-13-179

sshd[22500]: Accepted password for admin from 10.77.137.58

port 4527 ssh2

 

 

Sep 30

02:48:54

cd-acs5-13-179

sshd(pam_unix)[22504]: session opened for user admin by

(uid=0)

 

 

Sep 30

02:48:55

cd-acs5-13-179

debugd[2597]: hangup signal caught, configuration read

Sep 30

02:48:55

cd-acs5-13-179

debugd[2597]: successfully loaded debug config

You can view the logs grouped by the module that they belong to. For example, the monitoring and troubleshooting logs contain the string MSGCAT and the debug logs contain the string debug.

From the ACS CLI, you can enter the following two commands to view the monitoring and troubleshooting logs and the administrative logs respectively:

show logging system include MSGCAT

show logging system include debug

The output of the show logging system include MSGCAT would be similar to:

Sep 27 13:00:02 cd-acs5-13-103 MSGCAT58010/root: info:[ACS backup] ACS backup completed

Sep 28 13:00:03 cd-acs5-13-103 MSGCAT58010/root: info:[ACS backup] ACS backup completed

Sep 29 06:28:17 cd-acs5-13-103 MSGCAT58007: Killing Tomcat 8363

 

User Guide for Cisco Secure Access Control System 5.3

18-28

OL-24201-01

Page 542
Image 542
Cisco Systems OL-24201-01 manual Show logging system, 18-28