Additional Logs Maintained by ACS


In addition to the CSV logs that ACS maintains for reporting, ACS also maintains what are known as service logs. Service logs are log files stored on the ACS itself that contain information about the process that ACS runs and its activity. The following list contains the service logs kept by ACS and their locations:

  • CSAdmin located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSAdmin\Logs

  • CSAuth located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSAuth\Logs

  • CSDBSync located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSDBSync\Logs

  • CSLog located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSLog\Logs

  • CSMon located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSMon\Logs

  • CSRadius located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSRadius\Logs

  • CSTacacs located in the directory C:\Program Files\CiscoSecure ACS v3.2\CSTacacs\Logs

NOTE

These directory paths are available only in the ACS for Windows Server and are not available on the Solutions Engine. You can retrieve the service logs on the ACS Solutions Engine by running the support command at the command-line interface (CLI) or using the Support page in System Configuration. This is not covered in this chapter.


Each of these directories has a current log designated by the following names:

  • ADMIN.log for the CSAdmin service

  • AUTH.log for the CSAuth service

  • CSdbSync.log for the CSbdSync service

  • CSLog.log for the CSLog service

  • CSMon.log for the CSMon service

  • RDS.log for the CSRadius service

  • TCS.log for the CSTacacs service

In each directory, you see additional logs designated by date. These logs take the following format: Service Year-Month-Day.log.

If the log file were named AUTH 2003-12-14.log, this would indicate that you are looking at the CSAuth log that was created on December 12th, 2003.

Understanding the Options for Configuring Service Logs

Service logs can be configured in the System Configuration tab under the Service Control link. The following options are available for managing and configuring log files:

  • Level of detail You can set the service log file to contain one of three levels of detail:

    - None No log file is generated.

    - Low Only start and stop actions are logged.

    - Full All services actions are logged.

  • Generate new file You can control how often a new service log file is created:

    - Every Day ACS generates a new log file at 12:01 a.m. local time every day.

    - Every Week ACS generates a new log file at 12:01 a.m. local time every Sunday.

    - Every Month ACS generates a new log file at 12:01 a.m. on the first day of every month.

    - When Size Is Greater than x KB ACS generates a new log file after the current service log file reaches the size specified, in kilobytes, by x.

  • Manage Directory You can control how long service log files are kept:

    - Keep only the last x files ACS retains up to the number of files specified by x.

    - Delete files older than x days ACS retains only those service logs that are not older than the number of days specified by x.

Configuring Service Log Options

To configure how ACS generates and manages the service log file, follow these steps:

Step 1.

In the left navigation bar, select System Configuration.

Step 2.

Select Service Control.

Step 3.

To disable the service log file, under Level of Detail, select the None option.

By choosing this selection and restarting ACS, it will no longer generate service logs. Once you have selected this option, items under Generate New File will no longer have any effect.

Step 4.

To configure how often ACS creates a service log file, select one of the options under Generate New File.

You can manage the number of log files ACS keeps. To do so, perform these steps:

Step 1.

Select the Manage Directory check box.

Step 2.

To limit the number of service log files ACS retains, select the Keep only the last X files option and in the X box type the number of files you want ACS to retain.

Step 3.

To limit how old service log files retained by ACS can be, select the Delete files older than X days option and in the X box type the number of days for which ACS should retain a service log file before deleting it.

Step 4.

When all appropriate configurations have been made, select Restart.




Cisco Access Control Security(c) AAA Administrative Services
Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net