AppendixH Cisco Secure ACS Internal Architecture
CSMon
H-10
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
CSMon responds to the event by logging the event, sending notifications (if
configured) and, if the event is a failure, taking action. There are two types
of actions:
Predefined actionsThese actions are hard-coded into the program and
are always carried out when a triggering event is detected. Because these
actions are hard-coded, they are integral to the application and do not
need to be configured. These actions include running the CSSupport
utility, which captures most of the parameters dealing with the state of
the system at the time of the event.
If the event is a warning event, it is logged and the administrator is
notified. No further action is taken. CSMon also attempts to fix the cause
of the failure after a sequence of re-tries and individual service restarts.
User Definable ActionsIf the predefined actions built into CSMon do
not fix the problem, CSMon can execute an external program or script. A
number of sample scripts are provided to perform such functions as
application restart, or you can create your own.

Sample Scripts

The following scripts are provided with CSMon:
RESTART_ALL_SERVICES.BATRestarts all Cisco Secure ACS
services
RESTART_PROTOCOL_MODULES.BATRestarts just the protocol
modules (CSTacacs+ and CSRadius)
REBOOT.BATReboots the Cisco Secure ACS system
Configuration
You can configure the following items through CSAdmin:
Test login frequencyDefines the frequency with which CSMon attempts to
perform its built-in test authentication. The default period is every 60
seconds. You can disable test authentications or set the frequency higher;
however, the overhead generated by this feature is small and there is no real
benefit from setting it higher.