ACS Proxy Distribution Table - Logs ?

Similar Messages

• ACS error, AAA Server is a referenced in the Proxy Distribution Table

  When installing the ACS appliance (4.1) I have an issue where during the setup it prompts for a static address, Gateway, and DNS. This fine and network connectivity is tested during this time and success.
  The issue seems to be fine but that when logging in to the GUI under Network Configuration>AAA servers.
  AAA server AAA server IP address AAA server type
  self 10.10.10.1 CiscoSecure ACS
  ciscoacs 169.254.25.58 CiscoSecure ACS
  Under Network Configuration>Proxy Distribution Table
  Character String AAA Servers Strip Account
  Default ciscoacs no Local
  The 2 questions I have how to stop the 169.x.x.x address or why this is being put into the configuration, and how to delete as the following error is obsvered when trying.
  ACS error when trying to delete..
  “Can not Delete AAA Server, AAA Server is a referenced in the Proxy Distribution Table”
  Many Thanks MJ

  Go to,
  Network configuration > Proxy Distribution Table > (Default).
  swap the entry in this section under tables AAA Server and Forward to > Submit + Restart.
  Then try to delete 169.x.x.x entry.
  Regards,
  Prem

• Use of proxy distribution table in ACS v4.0

  HI All,
  We are running with Cisco ACS v4.0 AAA server, Here I need the use of Proxy distribution table.
  Why is this required and what is the functionality of it.
  Regards
  Suresh

  Use ACS as Proxy in a distributed enviornment.
  Using proxy, ACS automatically forwards an  authentication requests from AAA clients to AAA servers. After the  request has been successfully authenticated, the authorization  privileges that you configured for the user on the remote AAA server are  passed back to the original ACS, where the AAA client applies the user  profile information for that session.
  Fallback on Failed Connection
  You can configure the order in which ACS checks remote AAA servers if a  failure of the network connection to the primary AAA server occurs. If  an authentication request cannot be sent to the first listed server,  because of a network failure for example, the next listed server is  checked. This checking continues, in order, down the list, until the  AAA servers handles the authentication request. (Failed connections are  detected by failure of the nominated server to respond within a  specified time period. That is, the request is timed out.) If ACS cannot  connect to any server in the list, authentication fails.
  Stripping
  Stripping allows ACS to remove, or strip, the matched character string  from the username. When you enable stripping, ACS examines each  authentication request for matching information.
  Regards,
  Jatin Katyal
  - Do rate helpful posts -

• Adding AAA servers to ACS to use Proxy RADIUS distribution Table

  Hello,
  I've added two non ACS radius servers (Radiator) to the AAA servers on Network Config, in order to use them on a proxy distribution table.
  I had problems authenticating users through those servers and I did a sniffer trace on the outside interface of the ACS.
  What I saw is that ACS sends packets to the AAA server configured as RADIUS on port 1645, not 1812, the expected standard, and port to which the others servers are listening to. How can I change this behaviour?
  Thanks
  Gustavo

  ACS by default will listen on both ports 1645 and 1812, the two "standard" Radius ports. However, when talking to a proxy server it will only send them on 1645, by default. To change this you have to go into the registry and change it as follows:
  Under [HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.x\Hosts\\RADIUS] (where is the server you want to send the 1812 reuests to, and note that you may have to add the RADIUS key if it isn't there already), you can add the following:
  "authPort"=dword:0000066e <<---- 1645
  "acctPort"=dword:0000066d <<---- 1646
  "timeout"=dword:00000001
  "single connection"=dword:00000000
  "strip users"=dword:00000000
  You don't need all of them, you can just change the authPort to 1812 (714 in hex) and acctPort to 1813 (0x715) and you should be good to go. Make sure you reboot the server after making the registry changes. Keys are case-sensitive too so make sure you type them in EXACTLY as I've shown above.

• ACS v2.6 with Distribution Table

  All,
  I recently inherited the duties of an ACS 2.6 Server. I have built 2 other ACS boxes in the past (more recent versions), but I am perplexed by the configuration and the way ACS was configured. I looked at some logs, and realized that none of the information was being replicated to the secondary ACS machine for the past few years. I found this out when I tried to log into a router that had specified the secondary ACS first in the config, and I wasn't allowed to login, since my account ID was not on the secondary box. For the most part, all information in the 2 machines are the same, with the exception of my newly created user account. I figured I would set the replication up properly, and force replication, but nothign happened. The logs state that replication was completed successfully, but the 2 Cisco Databases are not the same. I then went into "Network Configuration", and there was a Distribution Table Entry, with only the primary ACS name present. Anyhow, I changed that to include both the primary and secondary ACS names, and upon doing this, I was able to get authenticated to the router, but this is because the secondary server is proxying my request to the primary box, at which point I can be verified in the database. Now, my main questions are, how can I replicate my information over to the secondary box (does this mean altering the Distribution Table entries again)? My network doesn't have 10 ACS servers where I would need to proxy user information, like it is now, but I have always set it up as a primary and a secondary, and am a little confused on how to handle this. Any help wuold be appreciated!
  Thanks,
  Matt

  Hello,
  Replication can be tricky, especially on the older versions of ACS. I just now verified that on all verions of ACS through 3.1 (including 2.6 and starting even before 2.4), replication can only take place between two ACS servers of the EXACT same rev, patches and all. I hope that is not your problem; for example per Cisco TAC to replicate between 2.4 and 2.6, you have to start out by replicating between two boxes at 2.4 and then upgrade one to 2.6. And as I recall, even when you try to replicate between two different versions, the logs can state that it was successful when it really wasn't. Believe me, replicating between two revs will not work, no matter how creative you get.
  If both servers are the same rev of ACS, then verify the settings on both boxes at the System Configuration --> CiscoSecure Database Replication page. You may have already done this, and if so let me know...
  Primary server:
  Replication Components - the appropriate items should be checked for "send"
  Partners - the secondary server should be listed under "Replication"
  Secondary server:
  Replication Components - the appropriate items should be checked for "receive"
  Note: be careful if you plan to receive the Distribution Table, can result in circular proxying
  Partners - the primary server should be listed under "Replication"
  Inbound Replication - primary server or "any known" should be selected.
  Let me know how that works out. Good luck!

• Too Many Table logs in DBTABLOG, RSTBPDEL is taking too much time

  Hi Experts,
  In one of our CRM system, DBTABLOG table is logging one table which is having 1 Billion entries right now. Business dont want to switch off the logging at this moment. But the table is increasing rapidly 42 Gb per month. RSTBPDEL program is running from weeks to delete them, but no control on increment.
  Can you please suggest any way to delete them quickly at first, so that my house keeping job will run daily and finish soon.
  Regards,
  Mohan.

  Hello Mohan,
  The DBTABLOG table does get large, the best is to switch off logging. If that's not possible, increase the frequency of your delete job, also explore one more alternative have a look at the archival object: BC_DBLOGS, you could archive old records (in accordance with your customer's data retention policies) to reduce the size of the table.
  Also, have a look at the following notes, they will advise you on how to improve the performance of your delete job:
  Note 531923 - Audit Trail: Indexes on table DBTABLOG
  Note 579980 - Table logs: Performance during access to DBTABLOG
  Regards,
  Siddhesh

• How to determine Default Table Logging (log data changes )

  Does anyone know how to view exactly what tables and related data fields have change logging enabled by default? I know that some of the standard reports will produce "edit reports" show who changed what field, when ,old and new values, etc, but I don't know how to determine where the data is retrieved from.
  For example: If I look in the ABAP Dictionary at table LFA1, technical settings, it shows that log data changes is not "checked" or enabled. But if I run the standard AR Master Data Change Report, I get output showing valid field changes.
  I have seen other threads that refer to SCU3 but I can't determine the above this from report.
  Any assistance would be greatly appreciated.

  Hi Arthur,
  As far as I am aware, these are 2 different things. 
  There is table logging which is at the table level & if activated (i.e. it's listed in table DD0LV, PROTOKOLL=X and the table logging parameter is set in the system profile/s).
  The second one is programatical logging for change documents when data is maintained though a program that has been written to include a log.  I'm not sure how to identify a complete lit of these though unfortunately.
  Hope that is of some assistance.

• Impact of Table Logging on Standard SAP Tables

  Table Logging is not currently active in our system, so if we activate this parameter what will be the impact on system standard tables.
  Please find the below example,
  For some Standard SAP Tables, the table logging is already enabled, but as overall logging is not activated in the system, the logs are not getting saved for these tables as well.
  in the above table the log data changes have been enabled, but as per the below screenshot the overall logging is disabled.
  so, if this is enabled, what impact will it have on the system standard tables.

  Please move this to BW area of SCN, BI platform space is for Analytics/Business Objects platform.

• Recording Differences in Long Text Changes via Table Logging and AUT10

  Hello,
  I am trying to record changes to Long Text generated in a DMS DIR.  (This field is the Language Dependent Description field.)  We have set the system profile param rec/client.    We have enabled table logging for STXH & STXL in SE11.  When we make a change to the Long Text, we try to display the results in AUT10.  A change is indicated but when displayed, the text seems identical. 
  When displaying Logging status in RSTBHIST, the Active box for STXL is not checked despite the fact that we have set the "Log changes" box in SE11.
  Note #573291 talks about installing a PH-ELR add-on.  Is that necessary if we are already running SAP_APPL 6.04?
  Also, is Table Logging the best approach to capture these changes to Long Text?  Is there any way we could use Change Docs"?
  The field width of DBTABLOG-LOGDATA = 16000 if that matters.
  Thanks for any responses.
  Edited by: John K Ryan on Oct 13, 2011 9:20 AM

  Tobias,
  "You created a dynpro based transaction which allows you to change
  the content of a text. The text to change is not part of the dynpro
  screen, but you want to set it into an ITS field where you can access
  it using Bussiness HTML. Is this correct?"
  <b><u>This is correct.</u></b>
  Below is the portion of HTML template code in which I'm defining the web screen pushbuttons, providing the pushbutton names, and linking same to the function codes defined in the R/3 transaction.
  This is my first experience with ITS, so if I've missed something glaringly obvious, I apologize in advance.
  Thanks!
  <table>
    <tr>
      <input type=submit name="~OKCode=ANAL" value="Analysis Long Text">
    </tr>
    <tr>
      <input type=submit name="~OKCode=ROOT" value="Root Cause Long Text">
    </tr>
    <tr>
      <input type=submit name="~OKCode=RMCA" value="Remedial Corrective Action Plan Long Text">
    </tr>
    <tr>
      <input type=submit name="~OKCode=CRAP" value="Corrective Action Plan Long Text">
    </tr>
    <tr>
      <input type=submit name="~OKCode=PRAP" value="Preventative Action Plan Long Text">
    </tr>
    <tr>
      <input type=submit name="~OKCode=COMM" value="Comments">
    </tr>
  </table>

• Automatic table logs?

  Hi,
  Logging table changes, produced by dml operations, is a very often requirement in today's information systems (what was changed, by whom, from which machine, when, etc). The best I could do in the past, explicitly with Oracle, was to automatically generate the change log table, procedure and triggers to handle the automatic logging, for a given table. I made it in pl/sql, so, it's not very flexible. A more general and portable solution could be to make the procedure in java, so using metadata you can have only one generic procedure for all the logging triggers (maybe this is not very efficient, mmm).
  I was surfing the net and I found something called Change Data Capture (CDC) from Oracle, whose intended usage is for dataware house processing. I do not want, yet ;-), to enter into the exotic world of datawares, datamining, etc. But the article mentioned something that I have been thinking for a while: why do I need to manually store the changes made to the tables, if the dbms already has this information (redo-logs or something like that); in fact, I think that this detailed information is used to allow rollbacks and related stuff, but this is only a belief.
  So, the point is to tell the dbms: let me access your internal logs, in a friendly and automatic way. Either, copy them for me into another table or let me access them with a tabular-view; so I can query them like any other table. The CDC seems to be a more general approach, since it allows to install some kind of "listeners" to the data-change-events and to do something with them (like synchronization). Then, maybe using CDC for normal table logging is like killing flies with bombs, I do not know.
  Then, I was wondering: what is the better approach to make automatic table logging in Oracle?
  Thanks in advance.
  salu2
  dario estepario ...

  Hi,
  Well, then I suppose the red-logs are discarded, but what about cdc in general?
  On the other hand, following your advice, I took a quick look at both the fine-grained constraints and the workspace manager. These are my first impressions:
  1. The fine-grained feature is more related to security concerns, so, the lowest level of data stored seems to be the sql instruction. Therefore, this options appears not so suitable for the task (I could be wrong, however).
  2. The workspace manager is a control versioning system for the data, but in particular, or as a side effect of that feature, it implements change logs automatically. I ran a little example and it worked pretty well. I just had to call a pl/sql package procedure to enable versioning on the table and, automatically, another view was created. It mirrored the columns of the original table plus some fields with additional information (like timestamps, db user, operation, etc).
  So, this option seems like a very good candidate for doing the logging work. The only concern I have right now, is how to tell the framework to save more data (like information coming from upper layers: app user, client ip, etc).
  Thanks for your help,
  Regards,
  dario estepario ...

• Question about table logs in SAP

  Hello,
  What table's do the transaction codes ST03 and STAD retrieve log history files from?
  Are these tables automatically logged by SAP, such as table CHDHR, or does table logging specifically have to be turned on for these table's?
  Help is greatly appreciated on this. Thanks in advance,
  Adamo

  ST03 tables I believe are SAP Workload Tables. You can search SE16 for:
  SAPWL*
  rgds,
  Babak

• Audit Log - Table Log

  Hi everyone,
  Can anyone tell me if i activate table logging on a table (not customizing table) like MARC table, what information is saved in the system?.
  Can I check or know, previous the audit log activation over this table, what fields or what information is recorded?
  thanks,
  HEPC

  This is table logging for customizing type entries in not necessarily what you are looking for.
  For master data you need to use the application change documents (table CDHDR etc) which is a different concept (I would use that route and protect the object S_ARCHIVE).
  What you are actually looking for (and waiting for) is [the package concept at runtime|http://forums.sdn.sap.com/click.jspa?searchID=58483939&messageID=4675719] which developers can already see as warnings. It also means that the package which the table is assigned to must have a complete set of APIs.
  I would personally not look for workarounds with performance impacts, but rather clean up the code to make it package concept conform, and then use the application change documents and not the table change records.
  This is a better design - more sustainable, less hassles and auditable (via where-used-lists).
  My 2 cents,
  Julius

• Client copy error: Table logging in program RSCLXCOP disabled by user

  Hi,
  While doing client export from a system, I am getting the below error in test run:
  Table logging in program RSCLXCOP disabled by user
  Kindly advice.
  Thanks & regards,
  Kunal Patel.

  Hi
  Note 446485 - CC-ADMIN: Special copying options
  It would help you out, but do check double time.

• Table Logging in Fire Fighter (Super User Privilege Management)

  Does anyone know exactly which sources does the Firefighter Log Report take into account?
  I would think that Change Documents (CDHDR CDPOS) and Workload Stats for TX (STAT) exexcution are part of it. Does anyone know whether table logging entries (DBTABLOG) are also displayed in the report?
  Thanks alot.
  Best regards,
  Alex

  Amongst other things, you can check the status of the table logging in SE13.
  Regardless of the application reporting, you can check the log via SCU3.
  Cheers,
  Julius

• Table Logging

  What is the best way to capture material determination changes?    The DBTABLOG table is 180GB in size so another way needs to be investigated other than setting on table logging for the material determination tables.
  There is no built-in SAP change record functionality in VB11-VB13 like there is in (for example)  VK11-VK13,  price records.
  I know this is a BASIS question but I cannot find a BASIS forum so I entered the question here because the tables are S/D tables.
  Thank you,
  Edited by: LP on Apr 14, 2008 4:23 PM

  Why not do a quick test?
  SQL> create table t as select * from user_tables;
  Table created.
  SQL>
  SQL> create or replace
    2  procedure count_t as
    3     l_count number;
    4  begin
    5     select count(*)
    6     into   l_count
    7     from   t;
    8  end;
    9  /
  Procedure created.
  SQL>
  SQL> alter table t nologging;
  Table altered.
  SQL> select object_name, object_type, status from user_objects where object_name = 'COUNT_T';
  OBJECT_NAME                    OBJECT_TYPE        STATUS
  COUNT_T                        PROCEDURE          VALIDAt least in this case, it doesn't invalidate it.