Cisco Acs 5x User Guide
User Guide for Cisco Secure Access Control System 5.3 OL-24201-01
Chapter 12 Managing Alarms

Notifying Users of Events

When a threshold is reached or a system alarm is generated, the alarm appears in the Alarms Inbox of the web interface. From this page, you can view the alarm details, add a comment about the alarm, and change its status to indicate that it is Acknowledged or Closed. The alarm details in this page, wherever applicable, include one or more links to the relevant reports to help you investigate the event that triggered the alarm.

The Dashboard also displays the five most recent alarms. Alarms that you acknowledge or close are removed from this list in the Dashboard.

ACS provides you the option to receive notifications in the following formats:

- E-mail—Contains all the information that is present in the alarm details page. You can configure a list of recipients to whom this e-mail must be sent. ACS 5.3 provides you the option to receive notification of events through e-mail in HTML format.
- Syslog message—Sent to the Linux or Windows machines that you have configured as alarm syslog targets. You can configure up to two alarm syslog targets.

Viewing and Editing Alarms in Your Inbox

You can view alarms that ACS generates based on a threshold configuration or a rule on a set of data collected from ACS servers. Alarms that have met the configured thresholds are sent to your inbox. After you view an alarm, you can edit the status of the alarm, assign the alarm to an administrator, and add notes to track the event.

To view an alarm in your inbox, select Monitoring and Reports > Alarms > Inbox.

The Inbox page appears with a list of alarms that ACS triggered. Table 12-2 describes the fields on the Alarms page. Table 12-3 lists the system alarms in ACS 5.3 and its severity.

Table 12-2 Alarms Page

| Option | Description |
|---|---|
| Severity | Display only. Indicates the severity of the associated alarm. Options are: Critical, Warning, Info. |
| Name | Indicates the name of the alarm. Click to display the Alarms: Properties page and edit the alarm. |
Table 12-2 Alarms Page (continued)

| Option | Description |
|---|---|
| Time | Display only. Indicates the time of the associated alarm generation in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where: Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat; Mmm = Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec; dd = A two-digit numeric representation of the day of the month, from 01 to 31; hh = A two-digit numeric representation of the hour of the day, from 00 to 23; mm = A two-digit numeric representation of the minute of the hour, from 00 to 59; ss = A two-digit numeric representation of the second of the minute, from 00 to 59; timezone = The time zone; yyyy = A four-digit representation of the year. |
| Cause | Display only. Indicates the cause of the alarm. |
| Assigned To | Display only. Indicates who is assigned to investigate the alarm. |
| Status | Display only. Indicates the status of the alarm. Options are: New—The alarm is new. Acknowledged—The alarm is known. Closed—The alarm is closed. |
| Edit | Check the check box next to the alarm that you want to edit, and click Edit to edit the status of the alarm and view the corresponding report. |
| Close | Check the check box next to the alarm that you want to close, and click Close to close the alarm. You can enter closing notes before you close an alarm. Closing an alarm only removes the alarm from the dashboard. It does not delete the alarm. |
| Delete | Check the check box next to the alarm that you want to delete, and click Delete to delete the alarm. |

Table 12-3 System Alarms in ACS 5.3

| Alarm | Severity |
|---|---|
| Purge Related Alarms | |
| Backup failed. Backup failed before Database Purge. | Critical |
| Backup successful. Backup failed before Database Purge. | Info |
| Database Purge for Daily Tables failed. Exception Details. | Critical |
| Database Purge for Monthy Tables failed. Exception Details. | Critical |
| Database Purge for Yearly Tables failed. Exception Details. | Critical |
| Incremental backup is not configured. Configuring incremental backup is necessary to make the database purge successful. This will help to avoid disk space issues. View database Size is filesize in GB and size it occupies on the harddisk is actual db size in GB. | Warning |
Table 12-3 System Alarms in ACS 5.3 (continued)

| Alarm | Severity |
|---|---|
| Configure Incremental Backup Data Repository as Remote Repository otherwise backup will fail and Incremental backup mode will be changed to off. | Warning |
| Configure Remote Repository under Purge Configuration which is used to take a backup of data before purge. | Warning |
| View database size exceeds the max limit of maxlimit GB. View database Size is filesize GB and size it occupies on the harddisk is actualDBSize GB. View database size exceeds the max limit of maxLimit GB. | Critical |
| View database size exceeds the upper limit of upperLimit GB. View database Size is filesize GB and size it occupies on the harddisk is actualDBSize GB. View database size exceeds the upper limit of upperLimit GB. | Critical |
| ACS View DB Size exceeds the lower limit lowerLimit GB. View database Size is filesize GB and size it occupies on the harddisk is actualDBSize GB. View database size exceeds the lower limit of lowerLimit GB. | Warning |
| DB Purge. Database Start Purging. | Info |
| Disk Space Limit Exceeded - Window at : Disk Space Limit Exceeded recommended threshold at one month data. Now Purging week data till it reaches lower limit. | Warning |
| Acs view Application Exceeded its Maximum Allowed Disk size. Disk Space Exceeded recommended threshold, extra monthsinnumber month(s) data purged. | Warning |
| Acs view Application Exceeded its Maximum Allowed Disk size. Disk Space Exceeded recommended threshold monthsinnumber month(s) data purged. | Info |
| Purge is successful. The size of records present in view data base is actualsizeinGB GB. The physical size of the view data base on the disk sizeinGB GB. If you want to reduce the physical size of the view data base, run acsview-db-compress command from acs-config mode through command line. | Warning |
| Purge process removed week week(s) data to reach lower limit | Info |
| Purge process was tried to remove maximum data to reach lower limit by purging last three weeks data but still acsview database size is having greater than lower limit. Currently we are keeping only last 1 week data. | Warning |
| The number of incoming log messages is reaching threshold value: GBs. Make sure that you configured ACS to send only the important category of messages to Log collector. | Warning |
| Incremental Backup | |
| On-demand Full Backup failed: Exception Details. | Critical |
| Full Database Backup failed. Exception Details. | Critical |
| Full Database Purge Backup failed. Exception Details. | Critical |
| Incremental Backup Failed. Exception Details. | Critical |
| Incremental Restore Successful. | Info |
| Incremental Restore failed. Reason: Exception Details | Critical |
| On-demand Full Backup failed: Exception Details | Critical |
| Full Database Backup failed: Exception Details. | Critical |
Table 12-3 System Alarms in ACS 5.3 (continued)

| Alarm | Severity |
|---|---|
| Full Database Purge Backup failed: Exception Details | Critical |
| Incremental Backup Failed: Exception Details | Critical |
| Log Recovery | |
| Log Message Recovery failed: Exception Details | Critical |
| View Compress | |
| Database rebuild operation has started. The Log collector services would be shut down during this operation and they would be made up after rebuild operation is completed. If log recovery option is enabled already, any log messages that may be received during the rebuild operation would be recovered after log collector services are up. | Critical |
| The database reload operation completed. | Info |
| System detects a need to compress the database. Run the view database compress operation manually during maintenance window, otherwise, automatic database rebuild would be triggered to avoid disk space issue. | Warning |
| Automatic database rebuild operation has started. The Log collector services would be shut down during this operation and they would be made up after rebuild operation is completed. If log recovery option is enabled already, any log messages that may be received during the rebuild operation would be recovered after log collector services are up. | Critical |
| The database reload operation completed. | Info |
| Automatic database rebuild operation would be triggered as the size of the database exceeds the limit to avoid disk space issue. Enable log recovery feature to recover missed log messages during database rebuild operation. Database re-build operation will not continue till log recovery feature enabled. | Warning |
| Threshold Executor | |
| Could not complete executing all thresholds in the allocated thresholdEvaluationInterval minute interval. Thresholds will be evaluated again in the next interval. This error could have happened because: The system is under heavy load (example: During Purging); There might be too many thresholds active at this time. | Info |
| Session Monitor | |
| Active sessions are over limit. Session is over 250000. | Warning |
| Syslog Collector Failure | |
| Please see Collector log for details. | Critical |
| Scheduled ACS Backup | |
| Scheduled backup of ACS configuration db failed to start due to invalid character in backup name. | Critical |
| Scheduled backup of ACS configuration db failed to start due to invalid repository. Please verify that repository exists. | Critical |
| Unable to get hostname. Scheduled backup of ACS configuration db failed. Please check ADE.log for more details. | Critical |
Table 12-3 System Alarms in ACS 5.3 (continued)

| Alarm | Severity |
|---|---|
| Failed to load backup library. Scheduled backup of ACS configuration db failed. Please check ADE.log for more details. | Critical |
| Symbol lookup error. Scheduled backup of ACS configuration db failed. Please check ADE.log for more details. | Critical |
| Failed to perform ACS backup due to internal error. Please check ADE.log for more details. | Critical |
| Disk Size Check | |
| Backup of size directorySize M exceeds the allowed quota of MaxSize M. This will not prohibit backup process as long as there is enough disk space. Please note that this indicates you should consider moving ACS to a higher disk space machine. | Critical |
| Patch of size directorySize M exceeds the allowed quota of MaxSize M. This will not prohibit patch installation process as long as there is enough disk space. Please note that this indicates you should consider moving ACS to a higher disk space machine. | Critical |
| Support bundle of size directorySize M exceeds the allowed quota of MaxSize M. This will not prohibit support bundle collection process as long as there is enough disk space. Please note that this indicates you should consider moving ACS to a higher disk space machine. | Critical |
| Backup of size directorySize M exceeds the allowed quota of MaxSize M. This will not prohibit restore process as long as there is enough disk space. Please note that this indicates you should consider moving ACS to a higher disk space machine. | Critical |
| Disk Quota | |
| ACS DB size has exceeded allowed quota. | Critical |
| ACS View DB size has exceeded allowed quota. | Critical |
| View Data Upgrade | |
| Database conversion has successfully completed. The View newVersion database has been upgraded to installedVersion and is ready for activation. | Warning |
| Database conversion did not complete successfully. The View newVersion upgrade process encountered errors and was not able to complete. The upgrade log contains detailed information. | Critical |
| Others | |
| Aggregator is busy. Dropping syslog. | Critical |
| Collector is busy. Dropping syslog. | Critical |
| Unregistered ACS Server servername. | Warning |
| Unknown Message code received. | Critical |
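The Time, Severity and Status fields of Table 12-2 are enough to build a work queue from alarm rows copied out of the inbox or an alarm e-mail. The following is an added example, not code from the Cisco guide: it parses the documented time format and orders alarms by severity and age. The row layout, the sample rows and the time-zone offset table are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"Critical": 0, "Warning": 1, "Info": 2}  # Table 12-2 severities
OPEN_STATUSES = {"New", "Acknowledged"}  # Closed alarms stay stored but need no work
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
# Assumption: minutes from UTC for the zone abbreviations your ACS nodes show.
# Abbreviations are ambiguous, so an unlisted one is rejected, never guessed.
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "EST": -300, "PST": -480}

TIME_RE = re.compile(
    r"^(%s) (%s) (\d{2}) (\d{2}):(\d{2}):(\d{2}) (\S+) (\d{4})$"
    % ("|".join(DAYS), "|".join(MONTHS)))


def parse_alarm_time(text, tz_offsets=TZ_OFFSETS):
    """Parse 'Ddd Mmm dd hh:mm:ss timezone yyyy' into an aware UTC datetime."""
    m = TIME_RE.match(text.strip())
    if not m:
        raise ValueError("not in the documented time format: %r" % text)
    day, mon, dd, hh, mi, ss, tz, yyyy = m.groups()
    if tz not in tz_offsets:
        raise ValueError("no offset configured for time zone %r" % tz)
    # datetime() enforces the documented ranges (dd 01-31, hh 00-23, mm/ss 00-59).
    local = datetime(int(yyyy), MONTHS.index(mon) + 1, int(dd), int(hh), int(mi),
                     int(ss), tzinfo=timezone(timedelta(minutes=tz_offsets[tz])))
    if DAYS[local.weekday()] != day:
        raise ValueError("weekday %s does not match the date" % day)
    return local.astimezone(timezone.utc)


def triage(rows):
    """Return (queue, rejected): open alarm names ordered by severity, then
    oldest first, plus the names of rows that failed validation."""
    ranked, rejected = [], []
    for name, severity, status, when in rows:
        if status == "Closed":
            continue
        try:
            if status not in OPEN_STATUSES:
                raise ValueError("unknown status %r" % status)
            key = (SEVERITY_RANK[severity], parse_alarm_time(when))
        except (KeyError, ValueError):
            rejected.append(name)  # surface bad rows instead of dropping them
            continue
        ranked.append((key, name))
    return [name for _, name in sorted(ranked)], rejected


# Constructed sample rows (name, severity, status, time); not real ACS output.
SAMPLE = [
    ("Incremental Backup Failed", "Critical", "New", "Tue Mar 06 02:00:13 UTC 2012"),
    ("Active sessions are over limit", "Warning", "Acknowledged",
     "Mon Mar 05 23:30:00 EST 2012"),
    ("Collector is busy. Dropping syslog.", "Critical", "New",
     "Mon Mar 05 21:15:40 PST 2012"),
    ("DB Purge", "Info", "Closed", "Sun Mar 04 01:00:00 UTC 2012"),
    ("Unknown Message code received", "Critical", "New",
     "Tue Mar 06 25:00:00 UTC 2012"),  # hour 25 is outside the documented range
]

if __name__ == "__main__":
    queue, rejected = triage(SAMPLE)
    print("work queue:", queue)
    print("rejected rows:", rejected)
```

Rows that fail validation are returned separately so a malformed timestamp cannot silently hide a Critical alarm.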
Note: ACS cannot be used as a remote syslog server. But, you can use an external server as a syslog server. If you use an external server as a syslog server, no alarms can be generated in the ACS view as the syslog messages are sent to the external syslog server. If you want to generate the alarms in ACS view, set the logging option as localhost using CLI.

To edit an alarm:

Step 1 Select Monitoring and Reports > Alarms > Inbox. The Inbox page appears with a list of alarms that ACS triggered.

Step 2 Check the check box next to the alarm that you want to edit and click Edit. The Inbox - Edit page appears with the following tabs:

- Alarm—This tab provides more information on the event that triggered the alarm. Table 12-4 describes the fields in the Alarm tab. You cannot edit any of the fields in the Alarm tab.
- Status—This tab allows you to edit the status of the alarm and add a description to track the event.

Step 3 Modify the fields in the Status tab as required. Table 12-5 describes the fields.

Step 4 Click Submit to save the changes. The Alarms page appears with the changes you made.

Table 12-4 Inbox - Alarm Tab

| Option | Description |
|---|---|
| Occurred At | Date and time when the alarm was triggered. |
| Cause | The event that triggered the alarm. |
| Detail | Additional details about the event that triggered the alarm. ACS usually lists the counts of items that exceeded the specified threshold. |
| Report Links | Wherever applicable, one or more hyperlinks are provided to the relevant reports that allow you to further investigate the event. |
| Threshold | Information on the threshold configuration. |

Table 12-5 Inbox - Status Tab

| Option | Description |
|---|---|
| Status | Status of the alarm. When an alarm is generated, its status is New. After you view the alarm, change the status of the alarm to Acknowledged or Closed to indicate the current status of the alarm. |
| Assigned To | (Optional) Specify the name of the user to whom this alarm is assigned. |
| Notes | (Optional) Enter any additional information about the alarm that you want to record. |

Related Topics

- Creating, Editing, and Duplicating Alarm Thresholds, page 12-11
Related Topics (continued)

- Deleting Alarm Thresholds, page 12-33

Understanding Alarm Schedules

You can create alarm schedules to specify when a particular alarm threshold is run. You can create, edit, and delete alarm schedules. You can create alarm schedules to be run at different times of the day during the course of a seven-day week.

By default, ACS comes with the non-stop alarm schedule. This schedule monitors events 24 hours a day, seven days a week.

To view a list of alarm schedules, choose Monitoring and Reports > Alarms > Schedules. The Alarm Schedules page appears. Table 12-6 lists the fields in the Alarm Schedules page.

Table 12-6 Alarm Schedules Page

| Option | Description |
|---|---|
| Filter | Enter a search criterion to filter the alarm schedules based on your search criterion. |
| Go | Click Go to begin the search. |
| Clear Filter | Click Clear Filter to clear the search results and list all the alarm schedules. |
| Name | The name of the alarm schedule. |
| Description | (Optional) A brief description of the alarm schedule. |

This section contains the following topics:

- Creating and Editing Alarm Schedules, page 12-9
- Assigning Alarm Schedules to Thresholds, page 12-10
- Deleting Alarm Schedules, page 12-11

Creating and Editing Alarm Schedules

To create or edit an alarm schedule:

Step 1 Choose Monitoring and Reports > Alarms > Schedules. The Alarm Schedules page appears.

Step 2 Do either of the following:

- Click Create.
- Check the check box next to the alarm schedule that you want to edit, then click Edit.

The Alarm Schedules - Create or Edit page appears. Table 12-7 lists the fields in the Alarms Schedules - Create or Edit page.
Table 12-7 Alarm Schedules - Create or Edit Page

| Option | Description |
|---|---|
| Identification | |
| Name | Name of the alarm schedule. The name can be up to 64 characters in length. |
| Description | A brief description of the alarm schedule; can be up to 255 characters in length. |
| Schedule | Click a square to select or deselect that hour. Use the Shift key to select or deselect a block starting from the previous selection. For more information on schedule boxes, see Schedule Boxes, page 5-16. |
| Select All | Click Select All to create a schedule that monitors for events all through the week, 24 hours a day, 7 days a week. |
| Clear All | Click Clear All to deselect all the selection. |
| Undo All | When you edit a schedule, click Undo All to revert back to the previous schedule. |

Step 3 Click Submit to save the alarm schedule. The schedule that you create is added to the Schedule list box in the Threshold pages.

Assigning Alarm Schedules to Thresholds

When you create an alarm threshold, you must assign an alarm schedule for the threshold. To assign an alarm schedule:

Step 1 Choose Monitoring and Reports > Alarms > Thresholds. The Thresholds page appears.

Note: This procedure only describes how to assign a schedule to a threshold. For detailed information on how to create, edit, or duplicate a threshold, see Creating, Editing, and Duplicating Alarm Thresholds, page 12-11.

Step 2 Do one of the following.

- Click Create.
- Check the check box next to the threshold that you want to edit and click Edit.
- Check the check box next to the threshold that you want to duplicate and click Duplicate.

Step 3 In the General tab, choose the schedule that you want from the Schedule drop-down list box.

Step 4 Click Submit to assign the schedule to the threshold.
Deleting Alarm Schedules

Note: Before you delete an alarm schedule, ensure that it is not referenced by any thresholds that are defined in ACS. You cannot delete the default schedule (nonstop) or schedules that are referenced by any thresholds.

To delete an alarm schedule:

Step 1 Choose Monitoring and Reports > Alarms > Schedules. The Alarm Schedules page appears.

Step 2 Check the check box next to the alarm schedule that you want to delete, then click Delete. The following message appears: Are you sure you want to delete the selected item(s)?

Step 3 Click Yes to delete the alarm schedule. The alarm schedule page appears without the schedule that you deleted.

Creating, Editing, and Duplicating Alarm Thresholds

Use this page to configure thresholds for each alarm category. You can configure up to 100 thresholds. To configure a threshold for an alarm category:

Step 1 Select Monitoring and Reports > Alarms > Thresholds. The Alarms Thresholds page appears as described in Table 12-8:

Table 12-8 Alarm Thresholds Page

| Option | Description |
|---|---|
| Name | The name of the alarm threshold. |
| Description | The description of the alarm threshold. |
Table 12-8 Alarm Thresholds Page (continued)

| Option | Description |
|---|---|
| Category | The alarm threshold category. Options can be: Passed Authentications, Failed Authentications, Authentication Inactivity, TACACS Command Accounting, TACACS Command Authorization, ACS Configuration Changes, ACS System Diagnostics, ACS Process Status, ACS System Health, ACS AAA Health, RADIUS Sessions, Unknown NAD, External DB Unavailable, RBACL Drops, NAD-reported AAA Down. |
| Last Modified Time | The time at which the alarm threshold was last modified by a user. |
| Last Alarm | The time at which the last alarm was generated by the associated alarm threshold. |
| Alarm Count | The number of times that an associated alarm was generated. |

Step 2 Do one of the following:

- Click Create.
- Check the check box next to the alarm that you want to duplicate, then click Duplicate.
- Click the alarm name that you want to modify, or check the check box next to the alarm that you want to modify, then click Edit.
- Check the check box next to the alarm that you want to enable, then click Enable.
- Check the check box next to the alarm that you want to disable, then click Disable.

Step 3 Modify fields in the Thresholds page as required. See the following pages for information about valid field options:

- Configuring General Threshold Information, page 12-13
- Configuring Threshold Criteria, page 12-14
- Configuring Threshold Notifications, page 12-32

Step 4 Click Submit to save your configuration. The alarm threshold configuration is saved. The Threshold page appears with the new configuration.
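Because a threshold is run only during the hours of its assigned schedule, and thresholds can be disabled, it is worth checking which hours of the week leave an alarm category with no threshold running. The following is an added example, not part of the Cisco guide: it models a schedule as the hour squares of the seven-day week and reports the uncovered hours per category. The threshold records, their names and the "business-hours" schedule are constructed assumptions transcribed by hand, not an ACS export format.

```python
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]
# The default non-stop schedule: every hour square of the seven-day week.
NONSTOP = frozenset((d, h) for d in range(7) for h in range(24))


def make_schedule(day_ranges):
    """Build a schedule from {day name: [(start_hour, end_hour), ...]}, end exclusive."""
    squares = set()
    for day, ranges in day_ranges.items():
        for start, end in ranges:
            if not 0 <= start < end <= 24:
                raise ValueError("bad hour range %r for %s" % ((start, end), day))
            squares.update((DAYS.index(day), h) for h in range(start, end))
    return frozenset(squares)


def uncovered(category, thresholds, schedules):
    """Hour squares in which no enabled threshold of this category is run."""
    covered = set()
    for t in thresholds:
        if t["category"] == category and t["enabled"]:
            covered |= schedules[t["schedule"]]
    return NONSTOP - covered


def summarize(squares):
    """Collapse hour squares into {day name: [(start, end), ...]} ranges."""
    out = {}
    for d, h in sorted(squares):
        ranges = out.setdefault(DAYS[d], [])
        if ranges and ranges[-1][1] == h:
            ranges[-1] = (ranges[-1][0], h + 1)  # extend the current run
        else:
            ranges.append((h, h + 1))
    return out


# Constructed configuration (assumption), using category names from Table 12-8.
SCHEDULES = {
    "nonstop": NONSTOP,
    "business-hours": make_schedule({d: [(8, 18)] for d in DAYS[1:6]}),
}
THRESHOLDS = [
    {"name": "cfg-change", "category": "ACS Configuration Changes",
     "schedule": "nonstop", "enabled": True},
    {"name": "failed-auth-day", "category": "Failed Authentications",
     "schedule": "business-hours", "enabled": True},
    {"name": "failed-auth-all", "category": "Failed Authentications",
     "schedule": "nonstop", "enabled": False},  # disabled, so it covers nothing
]

if __name__ == "__main__":
    for category in ("ACS Configuration Changes", "Failed Authentications",
                     "ACS Process Status"):
        gaps = uncovered(category, THRESHOLDS, SCHEDULES)
        print("%s: %d of 168 hours uncovered" % (category, len(gaps)))
        for day, ranges in summarize(gaps).items():
            print("   ", day, ranges)
```

A category with no threshold at all, such as ACS Process Status in the sample, shows up as 168 uncovered hours.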