Cisco Acs 57 User Guide
Have a look at the manual Cisco Acs 57 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
9 Managing Alarms Understanding Alarm Schedules 3.Click Submit to save the alarm schedule. The schedule that you create is added to the Schedule list box in the Threshold pages. Assigning Alarm Schedules to Thresholds When you create an alarm threshold, you must assign an alarm schedule for the threshold. To assign an alarm schedule: 1.Choose Monitoring and Reports > Alarms > Thresholds. The Thresholds page appears. Note: This procedure only describes how to assign a schedule to a threshold. For detailed information on how to create, edit, or duplicate a threshold, see Creating, Editing, and Duplicating Alarm Thresholds, page 10. 2.Do one of the following. Click Create. Check the check box the threshold that you want to edit and click Edit. Check the check box the threshold that you want to duplicate and click Duplicate. 3.In the General tab, choose the schedule that you want from the Schedule drop-down list box. 4.Click Submit to assign the schedule to the threshold. Deleting Alarm Schedules Note: Before you delete an alarm schedule, ensure that it is not referenced by any thresholds that are defined in ACS. You cannot delete the default schedule (nonstop) or schedules that are referenced by any thresholds. To delete an alarm schedule: 1.Choose Monitoring and Reports > Alarms > Schedules. The Alarm Schedules page appears. Table 117 Alarm Schedules - Create or Edit Page Option Description Identification Name Name of the alarm schedule. The name can be up to 64 characters in length. Description A brief description of the alarm schedule; can be up to 255 characters in length. Schedule Click a square to select or deselect that hour. Use the Shift key to select or deselect a block starting from the previous selection. For more information on schedule boxes, see Schedule Boxes, page 15. Select All Click Select All to create a schedule that monitors for events all through the week, 24 hours a day, 7 days a week. Clear All Click Clear All to deselect all the selection. Undo All When you edit a schedule, click Undo All to revert back to the previous schedule.
10 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds 2.Check the check box the alarm schedule that you want to delete, then click Delete. The following message appears: Are you sure you want to delete the selected item(s)? 3.Click Ye s to delete the alarm schedule. The alarm schedule page appears without the schedule that you deleted. Creating, Editing, and Duplicating Alarm Thresholds Use this page to configure thresholds for each alarm category. You can configure up to 100 thresholds. To configure a threshold for an alarm category: 1.Select Monitoring and Reports > Alarms > Thresholds. The Alarms Thresholds page appears as described in Table 118 on page 11:
11 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds 2.Do one of the following: Click Create. Check the check box the alarm that you want to duplicate, then click Duplicate. Click the alarm name that you want to modify, or check the check box the alarm that you want to modify, then click Edit. Check the check box the alarm that you want to enable, then click Enable. Check the check box the alarm that you want to disable, then click Disable. 3.Modify fields in the Thresholds page as required. See the following pages for information about valid field options: Configuring General Threshold Information, page 16 Configuring Threshold Criteria, page 16 Table 118 Alarm Thresholds Page Option Description Name The name of the alarm threshold. Description The description of the alarm threshold. Category The alarm threshold category. Options can be: Passed Authentications Failed Authentications Authentication Inactivity TACACS Command Accounting TACACS Command Authorization ACS Configuration Changes ACS System Diagnostics ACS Process Status ACS System Health ACS AAA Health RADIUS Sessions Unknown NAD External DB Unavailable RBACL Drops NAD-reported AAA Down Last Modified Time The time at which the alarm threshold was last modified by a user. Last Alarm The time at which the last alarm was generated by the associated alarm threshold. Alarm Count The number of times that an associated alarm was generated.
12
Managing Alarms
Creating, Editing, and Duplicating Alarm Thresholds
Configuring Threshold Notifications, page 35
4.Click Submit to save your configuration.
The alarm threshold configuration is saved. The Threshold page appears with the new configuration.
Related Topics
Configuring General Threshold Information, page 16
Configuring Threshold Criteria, page 16
Configuring Threshold Notifications, page 35
Alarm Threshold Messages
A general alarm threshold message would include the following:
, , , .
A sample alarm threshold message is given below:
Apr 2 13:23:00 ACS Server1 0000000005 1 0 ACSVIEW_ALARM Threshold alarm name = “System_Diagnostics”,
severity = Warn, cause = “Alarm caused by System_Diagnostics threshold”, detail = “(ACS Instance = ACS Server,
Category = CSCOacs_Internal_Operations_Diagnostics, Severity = Warn, Message Text = CTL for syslog server
certificate is empty)”
Table 119 on page 13 displays the list of all alarm threshold messages.
13 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds Table 119 List of Alarm Threshold Messages Alarm Threshold CategoryAlarm Header Alarm Name Severity Cause Details Passed Authentication Alarm Category: CSCOacs_View_Alarm Syslog ID: 00000001 Number of Fragments: 1 First Fragment: 0 Authentication Critical/ Warning/ InfoThis alarm is raised when the authentication threshold is reached. User: user1 Passed authentication count: 2 Failed Authentication Alarm Category: CSCOacs_View_Alarm Syslog ID: 00000002 Number of Fragments: 1 First Fragment: 0 Authentication Critical/ Warning/ InfoThis alarm is raised when the authentication threshold is reached. User: user1 Failed authentication count: 2 Authentication Inactivity Alarm Category: CSCOacs_View_Alarm Syslog ID: 000000081 Number of Fragments: 1 First Fragment: 0 Authentication inactivityCritical/ Warning/ InfoThis alarm is raised when the authentication inactivity has occurred. Following ACS instance(s) did not receive any authentication request between and : acsserver1 TACACS Command Accounting Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000127 Number of Fragments: 1 First Fragment: 0 TACACS AccountingCritical/ Warning/ InfoThis alarm is caused when the TACACS+ accounting threshold is reached.ACS instance: acsserver1 Time: User: user1 Privilege: 0 Command: CmdAV = show run
14 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds TACACS Command Authorization Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000128 Number of Fragments: 1 First Fragment: 0TACACS AuthorizationCritical/ Warning/ InfoThis alarm is caused when the TACACS+ authorization threshold is reached.ACS instance: acsserver1 Time: Network Device: device1 User: user1 Privilege: 0 Command: CmdAV = show run Authorization Result: Passed Identity Group: All Groups, Device Group & Device Type: All Device Types Location: All Locations ACS Configuration Changes Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000002 Number of Fragments: 1 First Fragment: 0 Configuration ChangesCritical/ Warning/ InfoThis alarm is caused when the configuration changes threshold is reached.ACS instance: acsserver1 Time: Administrator: acsadmin Object Name: ACSAdmin Object Type: Administrator Account Change: UPDATE ACS System Diagnostics Syslog ID: 0000000005 Number of Fragments: 1 First Fragment: 0System DiagnosticsCritical/ Warning/ InfoThis alarm is caused when the system diagnostics threshold is reached.ACS instance: acsserver1 Category: CSCOacs_Internal_Opera tions_Diagnostics Severity: warning Message Text: CTL for Syslog server certificate is empty Table 119 List of Alarm Threshold Messages (continued) Alarm Threshold CategoryAlarm Header Alarm Name Severity Cause Details
15 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds ACS Process Status Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000001 Number of Fragments: 1 First Fragment: 0Authentication Critical/ Warning/ InfoThis alarm is caused when the authentication threshold is reached.No process status updates have been received since the ACS View may be down. ACS System Health Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000004 Number of Fragments: 1 First Fragment: 0 Authentication Critical/ Warning/ InfoThis alarm is caused when the authentication threshold is reached.ACS instance: acsserver1 CPU utilization(%): 0.96 Memory utilization(%): 91.73 Disk space used /opt(%): 14.04 Disk space used /localdisk(%): 8.94 ACS AAA Health Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000003 Number of Fragments: 1 First Fragment: 0AAA Health Critical/ Warning/ InfoThis alarm is caused when the AAA health threshold is reached.ACS instance: acsserver1 RADIUS throughput (transactions per second): 0.00 RADIUS Sessions Syslog ID: 0000000003 Number of Fragments: 1 First Fragment: 0RADIUS SessionCritical/ Warning/ InfoThis alarm is caused when the RADIUS sessions threshold is reached.ACS instance: acsserver1 Device IP: 192.168.1.2 Count: 12 Table 119 List of Alarm Threshold Messages (continued) Alarm Threshold CategoryAlarm Header Alarm Name Severity Cause Details
16 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds Configuring General Threshold Information To configure general threshold information, fill out the fields in the General Tab of the Thresholds page. Table 120 on page 16 describes the fields. Related Topics Configuring Threshold Criteria, page 16 Configuring Threshold Notifications, page 35 Configuring Threshold Criteria ACS 5.7 provides the following threshold categories to define different threshold criteria: Unknown NAD Syslog ID: 0000000002 Number of Fragments: 1 First Fragment: 0Unknown NAD Critical/ Warning/ InfoThis alarm is caused when the unknown NAD threshold is reached.ACS instance: acsserver1 Unknown NAD count: 12 External Database Unavailable Alarm Category: CSCOacs_View_Alarm Syslog ID: 0000000001 Number of Fragments: 1 First Fragment: 0External databaseCritical/ Warning/ InfoThis alarm is caused when the external database threshold is reached.ACS instance: acsserver1 External database unavailable: 6 NAD-reported AAA Down Syslog ID: 0000000004 Number of Fragments: 1 First Fragment: 0NAD_Reported _AAA_Down Critical/ Warning/ InfoThis alarm is caused when the NAD_Reported _AAA_ Down threshold is reached.ACS instance: acsserver1 AAA down count: 10 Table 119 List of Alarm Threshold Messages (continued) Alarm Threshold CategoryAlarm Header Alarm Name Severity Cause Details Table 120 General Tab Option Description Name Name of the threshold. Description (Optional) The description of the threshold. Enabled Check this check box to allow this threshold to be executed. Schedule Use the drop-down list box to select a schedule during which the threshold should be run. A list of available schedules appears in the list.
17 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds Passed Authentications, page 17 Failed Authentications, page 19 Authentication Inactivity, page 21 TACACS Command Accounting, page 22 TACACS Command Authorization, page 23 ACS Configuration Changes, page 24 ACS System Diagnostics, page 25 ACS Process Status, page 26 ACS System Health, page 27 ACS AAA Health, page 28 RADIUS Sessions, page 29 Unknown NAD, page 30 External DB Unavailable, page 31 RBACL Drops, page 33 NAD-Reported AAA Downtime, page 34 Passed Authentications When ACS evaluates this threshold, it examines the RADIUS or TACACS+ passed authentications that occurred during the time interval that you have specified up to the previous 24 hours. These authentication records are grouped by a common attribute, such as ACS Instance, User, Identity Group, and so on. The number of records within each of these groups is computed. If the count computed for any of these groups exceeds the specified threshold, an alarm is triggered. For example, if you configure a threshold with the following criteria: Passed authentications greater than 1000 in the past 20 minutes for an ACS instance. When ACS evaluates this threshold and three ACS instances have processed passed authentications as follows: An alarm is triggered because at least one ACS instance has greater than 1000 passed authentications in the past 20 minutes. Note: You can specify one or more filters to limit the passed authentications that are considered for threshold evaluation. Each filter is associated with a particular attribute in the authentication records and only those records whose filter value matches the value that you specify are counted. If you specify multiple filters, only the records that match all the filter conditions are counted.ACS Instance Passed Authentication Count New York ACS 1543 Chicago ACS 879 Los Angeles 2096
18 Managing Alarms Creating, Editing, and Duplicating Alarm Thresholds Modify the fields in the Criteria tab as described in Table 121 on page 18 to create a threshold with the passed authentication criteria. Table 121 Passed Authentications Option Description Passed AuthenticationsEnter data according to the following: greater than count > occurrences |%> in the past time > Minutes | Hours for a object, where: count values can be the absolute number of occurrences or percent. Valid values are: —count must be in the range 0 to 99 for greater than. —count must be in the range 1 to 100 for lesser than. occurrences | %> value can be occurrences or %. time values can be 5 to 1440 minutes, or 1 to 24 hours. Minutes|Hours value can be Minutes or Hours. object values can be: —ACS Instance —User —Identity Group —Device IP —Identity Store —Access Service —NAD Port —AuthZ Profile —AuthN Method —EAP AuthN —EAP Tunnel In a distributed deployment, if there are two ACS instances, the count is calculated as an absolute number or as a percentage for each of the instances. ACS triggers an alarm only when the individual count of any of the ACS instance exceeds the specified threshold. Filter ACS Instance Click Select to choose a valid ACS instance on which to configure your threshold. User Click Select to choose or enter a valid username on which to configure your threshold. Identity Group Click Select to choose a valid identity group name on which to configure your threshold. Device Name Click Select to choose a valid device name on which to configure your threshold. Device IP Click Select to choose or enter a valid device IP address on which to configure your threshold. Device Group Click Select to choose a valid device group name on which to configure your threshold. Identity Store Click Select to choose a valid identity store name on which to configure your threshold. Access Service Click Select to choose a valid access service name on which to configure your threshold.