Show logging system, 18-28 | Cisco Systems OL-24201-01 specification

Chapter 18 Managing System Administration Configurations

Configuring Logs

Viewing ADE-OS Logs

The logs listed in Table 18-22are written to the ADE-OS logs. From the ACS CLI, you can use the following command to view the ADE-OS logs:

show logging system

This command lists all the ADE-OS logs and your output would be similar to the following example.

Sep 29 23:24:15 cd-acs5-13-179 sshd(pam_unix)[20013]: 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95

user=admin

Sep 29 23:24:34 cd-acs5-13-179 sshd(pam_unix)[20017]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95 user=ad

min

Sep 29 23:24:36 cd-acs5-13-179 sshd[20017]: Failed password for admin from 10.77.137.95 port 3635 ssh2

Sep 30 00:47:44 cd-acs5-13-179 sshd(pam_unix)[20946]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95 user=ad

min

Sep 30 00:47:46 cd-acs5-13-179 sshd[20946]: Failed password for admin from 10.77.137.95 port 3953 ssh2

Sep 30 00:54:59 cd-acs5-13-179 sshd(pam_unix)[21028]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.137.95 user=ad

min

Sep 30 00:55:01 cd-acs5-13-179 sshd[21028]: Failed password for admin from 10.77.137.95 port 3962 ssh2

Sep 30 00:55:35 cd-acs5-13-179 last message repeated 5 times

Sep 30 00:55:39 cd-acs5-13-179 sshd[21028]: Accepted password for admin from 10.77.137.95 port 3962 ssh2

Sep 30 00:55:39 cd-acs5-13-179 sshd(pam_unix)[21038]: session opened for user admin by (uid=0)

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: hangup signal caught, configuration read

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: successfully loaded debug config

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: [21043]: utils: cars_shellcfg.c[118] [admin]: Invoked carsGetConsoleConfig

Sep 30 00:55:40 cd-acs5-13-179 debugd[2597]: [21043]: utils: cars_shellcfg.c[135] [admin]:

No Config file,		returning defaults
Sep 30 01:22:20		cd-acs5-13-179	sshd[21038]: Received disconnect from 10.77.137.95: 11:
Connection discarded by broker
Sep 30 01:22:20		cd-acs5-13-179	sshd(pam_unix)[21038]: session closed for user admin
Sep 30 01:22:22		cd-acs5-13-179	debugd[2597]: hangup signal caught, configuration read
Sep 30 01:22:22		cd-acs5-13-179	debugd[2597]: successfully loaded debug config
Sep 30	02:48:54	cd-acs5-13-179	sshd[22500]: Accepted password for admin from 10.77.137.58
port 4527 ssh2
Sep 30	02:48:54	cd-acs5-13-179	sshd(pam_unix)[22504]: session opened for user admin by
(uid=0)
Sep 30	02:48:55	cd-acs5-13-179	debugd[2597]: hangup signal caught, configuration read
Sep 30	02:48:55	cd-acs5-13-179	debugd[2597]: successfully loaded debug config

You can view the logs grouped by the module that they belong to. For example, the monitoring and troubleshooting logs contain the string MSGCAT and the debug logs contain the string debug.

From the ACS CLI, you can enter the following two commands to view the monitoring and troubleshooting logs and the administrative logs respectively:

•show logging system include MSGCAT

•show logging system include debug

The output of the show logging system include MSGCAT would be similar to:

Sep 27 13:00:02 cd-acs5-13-103 MSGCAT58010/root: info:[ACS backup] ACS backup completed

Sep 28 13:00:03 cd-acs5-13-103 MSGCAT58010/root: info:[ACS backup] ACS backup completed

Sep 29 06:28:17 cd-acs5-13-103 MSGCAT58007: Killing Tomcat 8363

	User Guide for Cisco Secure Access Control System 5.3
18-28	OL-24201-01

Cisco Systems OL-24201-01 manual Show logging system, 18-28

Models: OL-24201-01

Viewing ADE-OS Logs

show logging system

returning defaults

User Guide for Cisco Secure Access Control System 5.3

18-28

OL-24201-01