Cisco Acs 5x User Guide
15-3 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 15 Managing System Operations and Configuration in the Monitoring & Report Viewer Configuring Data Purging and Incremental Backup

- Configuring Alarm Syslog Targets, page 15-17
- Configuring Remote Database Settings, page 15-17

Configuring Data Purging and Incremental Backup

The Monitoring & Report Viewer database handles large volumes of data. When the database size becomes too large, it slows down all the processes. You do not need all the data all the time. Therefore, to efficiently manage data and to make good use of the disk space, you must back up your data regularly and purge unwanted data that uses up necessary disk space. Purging data deletes it from the database.

Since the Monitoring & Report Viewer database size is large, the backup process takes a long time to complete. The incremental backup option enables you to take a complete backup of your Monitoring & Report Viewer database once and then to back up data incrementally (that is, only the updates are backed up and stored separately) from the next time onwards.

An incremental backup performs a full database backup the first time it is run, and subsequently only backs up the updates that are made to the database. Incremental backups are therefore much faster and make efficient use of disk space. You can also configure the frequency and time of incremental backups.

With incremental backups, multiple backup files are stored in the repository. However, when you restore data from an incremental backup, ACS restores data from all the backup files starting from the full backup and continuing until the latest incremental backup.

Note: If you disable incremental backup for some reason, ensure that you run a full backup the next time before you can continue with incremental backups again.

You can also configure a full database backup and define its frequency and time.
ACS also allows you to run an immediate backup of the full Monitoring & Report Viewer database. However, you cannot concurrently run an incremental backup, full backup, and data purge. If any of these jobs are running, you must wait for a period of 90 minutes before you can begin the next job.

Timesaver: We recommend that you take a full backup the first time and then incrementally back up your data instead of running full backups every time.

Note: To ensure that your data is backed up before the purge, configure a data repository via the CLI or the ACS web interface (System Administration > Operations > Software Repositories). Refer to the CLI Reference Guide for the Cisco Secure Access Control System 5.3 for more information on configuring a repository.

If you enable incremental backup, data is purged daily at 4:00 a.m. at the local time zone where the ACS instance that runs the View process is located.

The following database limitations apply for purging:

- If the database disk usage is greater than 83 GB, an alarm is sent to the dashboard.
- If the database disk usage is greater than 111 GB and less than 139 GB, a backup is run immediately followed by a purge until the database disk usage is below 111 GB. If the backup fails, check the database disk usage again.
- The Monitoring & Report Viewer data is purged from the database. The oldest data is purged first.
  - If the database disk usage is greater than 83 GB, a backup is run immediately followed by a purge until the database disk usage is below 83 GB.
  - If the backup fails and the database disk usage is greater than 83 GB, the Monitoring & Report Viewer decides to wait.

For example:

- If you specify that you want to preserve one month of data, and the database size is greater than 139 GB within a month, the purge deletes the data on a weekly basis until the database size reaches 111 GB.
- If you specify that you want to preserve more than one month (for example, 5 months of data) but the database size is over 111 GB, a purge occurs. If the database size remains over 111 GB after the purge, an additional month of data is purged, which results in 4 months of data preserved. Before the purge, the database is backed up.
- If the database size is over 139 GB, a purge occurs regardless of whether or not a database backup has occurred. If the database size remains over 111 GB, additional purges occur until the database is 111 GB.

Note: If the Incremental backup is configured as ON with no repository configured, database backup will fail and Incremental backup mode will be changed to OFF.

Note: When incremental backup is disabled, data is purged at the end of every month (Local time).

You can use the Data Purging and Incremental Backup page to:

- Configure purge window size
- Purge data from the database
- Assign a data repository backup location to manage backup (of the purge job)
- Configure incremental and full backup schedules
- Configure immediate backup

The ACS Database needs to be compressed as a part of maintenance operation.
You can run the acsview-db-compress command from acs-config mode to reduce the physical size of the view database when there is a difference between the physical size and actual size of the view database. In ACS 5.3, the database compress operation is automated. You can check the Enable ACS View Database Compress check box to compress the ACS View database automatically every day at 5 A.M. The database compress operation runs automatically every day at 5 A.M. whenever there is a need.

Note: You need to enable the log recovery option to recover the log messages that may be received during the database compress operation. If the log recovery feature is not enabled, then ACS sends an alert message to enable the log recovery feature.

The following database limitations apply for ACS database compress:

- An automatic database compress operation is started at 5 A.M. on the following day as soon as the database size is greater than 111 GB.
- ACS displays an alert message when the difference between the physical and actual size of the view database is greater than 10 GB and less than 50 GB. Also, an automatic database compress operation is triggered when the size of the database exceeds 111 GB to avoid disk space issues.
- ACS displays an alert message when the difference between the physical and actual size of the view database is greater than 50 GB.
  - If the log recovery feature is not enabled and the ACS view database compress option is enabled, an automatic database compress operation is triggered only after enabling the log recovery feature when the size of the database exceeds 111 GB to avoid disk space issues.
  - If the log recovery feature and the ACS view database compress option are enabled, an automatic database compress operation is started to avoid disk space issues. The log collector services are shut down during this operation and will be up and running after the compress operation is completed. Since you have the log recovery feature enabled already, any log messages that are received during the database compress operation are recovered after the log collector services are up and running.
  - If the log recovery feature and the ACS view database compress options are not enabled, ACS does not trigger any database compress operation. But, if the size of the database exceeds 111 GB, an automatic database compress operation is triggered only after enabling the log recovery feature to avoid disk space issues.
  - If the log recovery feature is enabled, and the ACS view database compress option is not enabled, an automatic database compress operation is started when the size of the database exceeds 111 GB to avoid disk space issues.
    The log collector services are shut down during this operation and will be up and running after the compress operation is completed. Since you have the log recovery feature enabled already, any log messages that are received during the database compress operation are recovered after the log collector services are up and running.

Note: It is recommended to perform DB compress during the maintenance hours. DB compress may take a long time, depending on the database size. DB compress should be done after the purge operation is completed.

From the Monitoring & Report Viewer, select Monitoring Configuration > System Operations > Data Management > Removal and Backup.

Table 15-1 Data Purging and Incremental Backup Page

Option: Description

Data Purging
- Data Repository: Use the drop-down list box to select the data repository backup location to be used during data purging. See the CLI Reference for ACS 5.3 to add a data repository.
- Maximum Stored Data Period: num months. Use the drop-down list box to indicate the number of months, where num is the number of months of data you want to retain in the Monitoring & Report Viewer database.

View Full Database Backup Now
- Data Repository: Use the drop-down list box to select the data repository backup location to store the full database backup.
- Backup Now: Click Backup Now to start a full Monitoring & Report Viewer database backup.

Incremental Backup
- On: Click the On radio button to enable incremental backup. If incremental backup is enabled, the delta is backed up.
- Off: Click the Off radio button to disable incremental backup.

Configure Incremental View Database Backup
- Data Repository: Use the drop-down list box to select a data repository for the backup files.
- Schedule: Use the drop-down list boxes to select the time of the day when you want the incremental backup to run.
- Frequency: Use the drop-down list box to choose the frequency at which you want the incremental backup to run. Valid options are:
  - Daily
  - Weekly: Typically occurs at the end of every week.
  - Monthly: Typically occurs at the end of every month.

Configure Full View Database Backup
- Data Repository: Use the drop-down list box to select a data repository to store the backup files.
- Schedule: Use the drop-down list boxes to select the time of the day when you want the full View database backup to run.
- Frequency: Use the drop-down list box to choose the frequency at which you want the full View database backup to run. Valid options are:
  - Daily
  - Weekly: Typically occurs at the end of every week.
  - Monthly: Typically occurs at the end of every month.

Configuring NFS Staging

If the utilization of /opt exceeds 30%, then it is required to use NFS staging with a remote repository in order to take successful View database backups and generate support bundles. NFS staging utilizes a Network File System (NFS) share as a staging area of additional disk space during a backup/support bundle request because these operations are disk space intensive.

You can enable NFS staging via the CLI using the backup-staging-url command. Please refer to the CLI Reference Guide for Cisco Secure Access Control System 5.3 for more information on the backup-staging-url command.

Note: This section is not applicable to ACS backup operation as it does not suffer from the same disk space limitations as the View backup and support bundle generation.

Related Topic
- Restoring Data from a Backup, page 15-7
Restoring Data from a Backup

Use this page to restore data from the View database that was backed up earlier. You can restore data from an incremental or full backup. If you choose to restore incremental backup data, ACS restores the full View data backup and then the rest of the incremental backups one at a time in the correct sequence.

To restore data from a backup:

Step 1: Choose Monitoring Configuration > System Operations > Data Management > Restore.
The Incremental Backup Restore page appears, displaying the Available Backups to Restore table. Table 15-2 describes the columns in the table.

Step 2: Choose a backup file that you want to restore.
Note: If you choose an incremental backup file to restore, ACS restores all previously associated incremental and full backups. This restore process restores only the Monitoring & Report Viewer data.

Step 3: Click Restore to restore the backup file.

Related Topic
- Configuring Data Purging and Incremental Backup, page 15-3

Viewing Log Collections

Use this page to view the recently collected logs from ACS servers. From the Monitoring & Report Viewer, select Monitoring Configuration > System Operations > Log Collection.

Table 15-2 Incremental Backup Restore Page

Column: Description
- Skip View Database backup before Restore: Check this check box to skip the Monitoring & Report Viewer database backup before restoring data from a backup. This option, when checked, hastens the restore process. We recommend that you uncheck this check box because your current data might be lost if a failure occurs during the restore process.
- Name: Name of the backup file. The backup filename includes the time stamp; for example, ACSViewBackup-20090618_003400. For an incremental backup, click the Expand icon to view the associated full and incremental backups.
- Date: Date on which the backup is run.
- Repository: Name of the repository that contains the backup file.
- Type: The type of backup, Incremental or Full.
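The restore order described under Restoring Data from a Backup (the full backup first, then each incremental in sequence), worked through as an added example that is not part of the Cisco guide. Only the ACSViewBackup-YYYYMMDD_HHMMSS name format comes from the page; the catalog entries, the function names and the rule that an incremental depends on the most recent earlier full backup are assumptions.

```python
import re
from datetime import datetime

# File-name format taken from the guide's example: ACSViewBackup-20090618_003400
NAME_RE = re.compile(r"^ACSViewBackup-(\d{8}_\d{6})$")


def backup_time(name):
    """Return the timestamp embedded in a View backup file name."""
    match = NAME_RE.match(name)
    if match is None:
        raise ValueError(f"unexpected backup name: {name!r}")
    return datetime.strptime(match.group(1), "%Y%m%d_%H%M%S")


def restore_chain(catalog, selected):
    """List the backups to restore, oldest first, to reach `selected`.

    catalog holds (name, type) pairs, type being "Full" or "Incremental",
    i.e. the Name and Type columns of the Available Backups to Restore table.
    Assumption: an incremental depends on the most recent full backup before
    it and on every incremental taken in between.
    """
    entries = sorted(catalog, key=lambda entry: backup_time(entry[0]))
    names = [name for name, _ in entries]
    if selected not in names:
        raise LookupError(f"{selected} is not in the catalog")
    upto = entries[: names.index(selected) + 1]
    # Walk back from the selection to the nearest full backup.
    for i in range(len(upto) - 1, -1, -1):
        if upto[i][1] == "Full":
            return [name for name, _ in upto[i:]]
    # Incrementals with no earlier full backup cannot be restored.
    raise LookupError(f"no full backup precedes {selected}")


# Constructed catalog for illustration; not taken from a real repository.
CATALOG = [
    ("ACSViewBackup-20090619_003400", "Incremental"),
    ("ACSViewBackup-20090618_003400", "Full"),
    ("ACSViewBackup-20090620_003400", "Incremental"),
    ("ACSViewBackup-20090701_010000", "Full"),
    ("ACSViewBackup-20090702_003400", "Incremental"),
]

if __name__ == "__main__":
    for name in restore_chain(CATALOG, "ACSViewBackup-20090620_003400"):
        print(name)
```

Running the same check against a repository listing before a purge shows whether every incremental still has its full backup present.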
Note: You can use the refresh symbol to refresh the contents of the page.

Related Topic
- Log Collection Details Page, page 15-9

Table 15-3 Log Collection Page

Option: Description
- ACS Server: Name of the ACS server. Click to open the Log Collection Details page and view recently collected logs.
- Last Syslog Message: Display only. Indicates the arrival time of the most recent syslog message, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
  - Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
  - Mmm = Jan, Feb, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
  - dd = A two-digit numeric representation of the day of the month, from 01 to 31.
  - hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
  - mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
  - ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
  - timezone = The time zone. In a distributed environment, the time zone displayed for all secondary servers corresponds to the time zone of the server in which the view is active. If your primary instance has a time zone of PDT and the secondary instance is in UTC, the secondary instance displays the time zone and timestamp of syslog messages with PDT, which corresponds to the time zone of the primary instance.
  - yyyy = A four-digit representation of the year.
- Last Error: Display only. Indicates the name of the most recent error message.
- Last Error Time: Display only. Indicates the arrival time of the most recent error message, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
  - Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
  - Mmm = Jan, Feb, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
  - dd = A two-digit numeric representation of the day of the month, from 01 to 31.
  - hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
  - mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
  - ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
  - timezone = The time zone. In a distributed environment, the timezone displayed for all secondary servers corresponds to the timezone of the server in which the view is active. If your primary instance has a timezone of PDT and the secondary instance is in UTC, the secondary instance displays the timezone and timestamp of syslog messages with PDT, which corresponds to the timezone of the primary instance.
  - yyyy = A four-digit representation of the year.
- Get Details: Click to view recently collected logs for a selected ACS server.
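A parser for the Ddd Mmm dd hh:mm:ss timezone yyyy format used in the Last Syslog Message and Last Error Time columns, with a check for servers that have stopped sending syslog; this is an added example, not code from the Cisco guide. The server names, sample rows, the abbreviation-to-offset table and the 15-minute silence threshold are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # datetime.weekday() order
# Twelve month abbreviations (Mar included for March timestamps).
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
TS_RE = re.compile(
    r"^(?P<dow>[A-Z][a-z]{2}) (?P<mon>[A-Z][a-z]{2}) (?P<dd>\d{2}) "
    r"(?P<hh>\d{2}):(?P<mi>\d{2}):(?P<ss>\d{2}) (?P<tz>\S+) (?P<yyyy>\d{4})$"
)
# Assumption: the operator supplies abbreviation -> UTC offset (hours), since
# abbreviations such as PDT are display labels, not unambiguous zone names.
TZ_OFFSETS = {"UTC": 0, "PDT": -7, "PST": -8}


def parse_view_timestamp(text, tz_offsets=TZ_OFFSETS):
    """Parse 'Ddd Mmm dd hh:mm:ss timezone yyyy' into an aware UTC datetime."""
    m = TS_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not in Ddd Mmm dd hh:mm:ss timezone yyyy form: {text!r}")
    if m["mon"] not in MONTHS or m["tz"] not in tz_offsets:
        raise ValueError(f"unknown month or time zone in {text!r}")
    zone = timezone(timedelta(hours=tz_offsets[m["tz"]]))
    local = datetime(int(m["yyyy"]), MONTHS.index(m["mon"]) + 1, int(m["dd"]),
                     int(m["hh"]), int(m["mi"]), int(m["ss"]), tzinfo=zone)
    # A day name that disagrees with the date means the field was mangled.
    if DAYS[local.weekday()] != m["dow"]:
        raise ValueError(f"day of week does not match date in {text!r}")
    return local.astimezone(timezone.utc)


def stale_servers(rows, now_utc, max_silence=timedelta(minutes=15)):
    """Return (server, silence) for servers quiet longer than max_silence.

    rows are (ACS Server, Last Syslog Message) pairs from the Log Collection
    page. Every row carries the time zone of the server where the view is
    active, so one offset table covers primary and secondary instances.
    """
    stale = []
    for server, last_message in rows:
        silence = now_utc - parse_view_timestamp(last_message)
        if silence > max_silence:
            stale.append((server, silence))
    return stale


# Constructed rows: the secondary runs in UTC but is displayed in PDT.
ROWS = [
    ("acs-primary", "Thu Jun 18 00:34:00 PDT 2009"),
    ("acs-secondary", "Thu Jun 18 00:02:10 PDT 2009"),
]
NOW = datetime(2009, 6, 18, 7, 40, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for server, silence in stale_servers(ROWS, NOW):
        print(f"{server}: no syslog for {silence}")
```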
Log Collection Details Page

Use this page to view the recently collected log names for an ACS server.

Step 1: From the Monitoring & Report Viewer, select Monitoring and Reports > Monitoring Configuration > Log Collection.

Step 2: Do one of the following:
- Click the name of an ACS server.
- Select the radio button of the ACS server whose recently collected logs you want to view, and click Get Details.

Note: You can use the refresh symbol to refresh the contents of the page.
Related Topic
- Viewing Log Collections, page 15-7

Table 15-4 Log Collection Details Page

Option: Description
- Log Name: Name of the log file.
- Last Syslog Message: Display only. Indicates the arrival time of the most recent syslog message, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
  - Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
  - Mmm = Jan, Feb, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
  - dd = A two-digit numeric representation of the day of the month, from 01 to 31.
  - hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
  - mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
  - ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
  - timezone = The time zone. In a distributed environment, the timezone displayed for all secondary servers corresponds to the timezone of the server in which the view is active. If your primary instance has a timezone of PDT and the secondary instance is in UTC, the secondary instance displays the timezone and timestamp of syslog messages with PDT, which corresponds to the timezone of the primary instance.
  - yyyy = A four-digit representation of the year.
- Last Error: Display only. Indicates the name of the most recent error message.
- Last Error Time: Display only. Indicates the arrival time of the most recent error message, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
  - Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
  - Mmm = Jan, Feb, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
  - dd = A two-digit numeric representation of the day of the month, from 01 to 31.
  - hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
  - mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
  - ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
  - timezone = The time zone. In a distributed environment, the timezone displayed for all secondary servers corresponds to the timezone of the server in which the view is active. If your primary instance has a timezone of PDT and the secondary instance is in UTC, the secondary instance displays the timezone and timestamp of syslog messages with PDT, which corresponds to the timezone of the primary instance.
  - yyyy = A four-digit representation of the year.
- Back: Click to return to the Log Collection page.
- Refresh: Click to refresh the data in this page.
Recovering Log Messages

The ACS server sends syslog messages to the Monitoring and Report Viewer for activities such as passed authentication, failed attempts, authorization, accounting, and so on. The syslog messages have a sequence number attached. If the Monitoring and Report Viewer goes down or if it is not able to receive messages from ACS, then the Monitoring and Report Viewer retrieves those missed logs from ACS, using the logging recovery mechanism.

The Monitoring and Report Viewer processes the syslog messages, and identifies any discrepancies in the sequence. In this way, it finds the messages that have been missed. The Monitoring and Report Viewer then notifies the ACS server to resend the missing log messages. The ACS server processes the messages stored in its local store and resends them to the Monitoring and Report Viewer.

Note: For the Recovering Log Messages feature to work as desired, you must enable the Log to Local Target option for the relevant logging categories in ACS under System Administration > Configuration > Log Configuration > Logging Categories > Global.

To enable Recovering Log Messages, from the Monitoring & Report Viewer, select Monitoring Configuration > System Operations > Log Message Recovery.

Note: View logging recovery will not retrieve the missed logs when the View Logging Recovery feature is disabled and the view is down.

Viewing Scheduled Jobs

Use this page to view the scheduled jobs. From the Monitoring & Report Viewer, select Monitoring Configuration > System Operations > Scheduler.

Table 15-5 Log Message Recovery Page

Option: Description

Log Message Recovery Option
- On: Enable the log message recovery feature.
- Off: Disable the log message recovery feature.

Configure Log Message Recovery Intervals
- Run Every Minute(s): Set the duration in minutes, at which the recovery should happen.
- Run Every Hour(s): Set the duration in hours, at which the recovery should happen.

Configure Missing Entry count to be re-sent by Collector
- No. of Missing Entries to be re-sent by Collector during recovery at a time: Maximum number of missing entries that can be sent by the ACS server at a time. The default limit is 1000 and the maximum limit is 9999. If you set a value higher than this, ACS performance might go down.
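A small model of the sequence-number recovery described under Recovering Log Messages and configured in Table 15-5, added here as an illustration; it is not Cisco's implementation. The sequence values, message text and function names are constructed, and sequence numbers are assumed to be per ACS server and to increase by one.

```python
DEFAULT_BATCH = 1000  # default limit stated in Table 15-5
MAX_BATCH = 9999      # maximum limit stated in Table 15-5


def missing_ranges(received):
    """Return inclusive (first, last) gaps in the sequence numbers received.

    Duplicates and out-of-order arrival are tolerated. Loss after the highest
    number seen stays invisible until a later message arrives.
    """
    seqs = sorted(set(received))
    return [(prev + 1, cur - 1)
            for prev, cur in zip(seqs, seqs[1:]) if cur - prev > 1]


def resend_requests(gaps, batch=DEFAULT_BATCH):
    """Split the gaps into resend requests of at most `batch` entries each."""
    if not 1 <= batch <= MAX_BATCH:
        raise ValueError(f"batch must be between 1 and {MAX_BATCH}")
    requests, current = [], []
    for first, last in gaps:
        for seq in range(first, last + 1):
            current.append(seq)
            if len(current) == batch:
                requests.append(current)
                current = []
    if current:
        requests.append(current)
    return requests


def recover(received, local_store, batch=DEFAULT_BATCH):
    """Run one recovery pass and return (recovered, unrecoverable).

    local_store maps sequence number -> message held in the ACS local store.
    A message whose category was not logged to the local target is absent
    from it and cannot be resent.
    """
    recovered, unrecoverable = {}, []
    for request in resend_requests(missing_ranges(received), batch):
        for seq in request:
            if seq in local_store:
                recovered[seq] = local_store[seq]
            else:
                unrecoverable.append(seq)
    return recovered, unrecoverable


# Constructed data: the viewer missed 103-108 and 111, and received 110 twice.
# Message 107 was never written to the local store.
RECEIVED = [100, 101, 102, 109, 110, 112, 110]
LOCAL_STORE = {seq: f"constructed message {seq}"
               for seq in range(100, 113) if seq != 107}

if __name__ == "__main__":
    got, lost = recover(RECEIVED, LOCAL_STORE, batch=4)
    print("recovered:", sorted(got))
    print("unrecoverable:", lost)
```

Entries that end up in the unrecoverable list are authentication or accounting records missing from the report database for good, which is why the Log to Local Target setting matters for audit completeness.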
Note: When you change any schedule through the ACS web interface, for the new schedule to take effect, you must manually restart the Job Manager process. For more information on the CLI command to restart processes, refer to http://preview.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/command/reference/cli_app_a.html.

Table 15-6 Scheduler Status Page

Option: Description
- Name: Display only. Name of the job.
- Type: Display only. Type of associated job; for example, Incremental Backup Utility, Session Termination, DB Aggregation Event, Database Purge Utility, and so on. This list includes both system- and user-defined jobs.
- Owner: Display only. Owner of the associated job (System).
- Last Run Time: Display only. Time of the associated job, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where:
  - Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat.
  - Mmm = Jan, Feb, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
  - dd = A two-digit numeric representation of the day of the month, from 01 to 31.
  - hh = A two-digit numeric representation of the hour of the day, from 00 to 23.
  - mm = A two-digit numeric representation of the minute of the hour, from 00 to 59.
  - ss = A two-digit numeric representation of the second of the minute, from 00 to 59.
  - timezone = The time zone.
  - yyyy = A four-digit representation of the year.
- Last Run Result: Display only. The result of the last run of the associated job.
- Status: Display only. The status of the associated job.