ACS SE Log Retention?

Similar Messages

• Archive purchase document  log -  Retention period not maintained

  Hello Everybody,
     I have been trying to archive the Purchase document, I have also set the Retention period is 0 (Zero), but  when i archive the some Purchase document, it is give log like that
  Object                                                     Message
  4700000053 00010                                           Retention period not maintained
  4700000066 00010                                           Retention period not maintained
  4700000079 00010                                           Retention period not maintained
  So please suggest me how to solve the problem
  Thanks

  Solved, by archiving

• Audit & System Log Retention Policy

  Hello Everyone,
  I am trying to collect informatiion from various sources to see what the standard industry practice is to maintain the Audit & Systems Logs? This information will be crucial for us determine how many days worth of logs we should keep and what we can delete. Any information will be highly appreicated.
  Thanks!
  RK

  #THIS DOES NOT WORK
  CONFIGURE RETENTION POLICY TO REDUNDANCY 2;
  CONFIGURE BACKUP OPTIMIZATION OFF; # default
  CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
  CONFIGURE CONTROLFILE AUTOBACKUP ON;
  CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '\\medabdb2\rmandisk\%F';
  CONFIGURE DEVICE TYPE DISK PARALLELISM 1; # default
  CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
  CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
  CONFIGURE MAXSETSIZE TO UNLIMITED; # default
  CONFIGURE SNAPSHOT CONTROLFILE NAME TO 'C:\ORACLE\ORA92\DATABASE\SNCFABANO.ORA'; # default
  #THIS WORKS
  CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
  CONFIGURE BACKUP OPTIMIZATION OFF; # default
  CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
  CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
  CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO 'D:\RmanDisk\%F';
  CONFIGURE DEVICE TYPE DISK PARALLELISM 1; # default
  CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
  CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
  CONFIGURE MAXSETSIZE TO UNLIMITED; # default
  CONFIGURE SNAPSHOT CONTROLFILE NAME TO 'D:\ORACLE\ORA92\DATABASE\SNCFORCL.ORA';# default
  System that works has redundancy to 1; nothing changes even if I set the redundancy to 1 for the system that does not work...
  Bye.
  Message was edited by:
  Stefano IT

• Cisco Secure ACS not logging correctly

  I asked an ACS question in this thread the other day and it got answered so not sure if this is the right thread or not but I couldn't see any ACS questions under the Security or AAA threads.
  I'm running 2 ACS 4.2(patch 11) servers and the logging seems to have stopped working. Whilst some events are logged sporadically (some devices in particular consistently work - CatOS switches seem to still log TACACS accounting), the majority of messages I would expect to see in most of the logs are not present.
  I have tried changing the frequency of the logging from monthly to weekly to daily and each time I change the frequency its as if some messages that were "held up" suddenly appear in the penultimate log file where they should have been present the whole time.
  I can confirm that the ACS server is handling the AAA correctly just that it seems to not log it.
  I was thinking about raising a TAC but thought I'd try here first.

  Paul
  I was browsing by and I want to express our collective thanks to those who raise a question and then come back to post an answer when they have solved the issue. It helps make the forum more useful when people can read about an issue and can read what resolved the issue. And it is even better when the original poster is able to post the solution.
  So thanks to you.
  HTH
  Rick

• ACS -current log file CSMonLog Active.csv is showing blank

  under ACS service monitoring TAB, the current log file CSMonLog Active.csv is showing blank ?
  Could anyone let me know why this happens ?

  CSMon—CSMon service is responsible for the monitoring, recording, and notification of Cisco Secure CS ACS performance, and includes automatic response to some scenarios. For instance,TACACS+ and RADIUS service dies, CS ACS by default restarts all the services, unless otherwise configured. Monitoring includes monitoring the overall status of Cisco Secure ACS and the system on which it is running. CSMon actively monitors three basic sets of system parameters:
      Generic host system state—monitors disk space, processor utilization, and memory utilization.
      Application-specific performance—periodically performs a test login each minute using a special built-in test account by default.
      System resource consumption by Cisco Secure ACS—CSMon periodically monitors and records the usage by Cisco Secure ACS of a small set of key system resources. Handles counts, memory utilization, processor utilization, thread used, and failed log-on attempts, and compares these to predetermined thresholds for indications of atypical behavior.
  CSMon works with CSAuth to keep track of user accounts that are disabled for exceeding their failed attempts count maximum. If configured, CSMon provides immediate warning of brute force attacks by alerting the administrator that a large number of accounts have been disabled.
  By default CSMon records exception events in logs both in the CSV file and Windows Event Log that you can use to diagnose problems. Optionally you can configure event notification via e-mail so that notification for exception events and outcomes includes the current state of Cisco Secure ACS at the time of the message transmission. The default notification method is simple mail-transfer protocol (SMTP) e-mail, but you can create scripts to enable other methods. However, if the event is a failure, CSMon takes the actions that are hard-coded when the triggering event is detected. If the event is a warning event, it is logged, the administrator is notified if it is configured, and no further action is taken. After a sequence of re-tries, CSMon also attempts to fix the cause of the failure and individual service restarts. It is possible to integrate custom-defined action with CSMon service, so that a user-defined action can be taken based on specific events.
  Answering your query: This may be a brand new installation OR none of ACS services restarted lately so logs OR CSMON logging might have disabled under system configuration > Logging.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• E-mail tracking/log retention

  Not so much of a technical issue, but was wondering how long everyone keeps their message tracking and/or e-mail logs around?  We use an M-Series, and it looks like you can't specify retention time, rather, you have to manually configure your disk size to limit or increase the amount of data you're keeping.
  I'm curios what other folks are doing, how long they're keeping message tracking data available and/or if they have an overall e-mail retention policy.  I know some firms are under government guidelines to archive all electronic communication for 7 years or similar.
  Thanks.

  This is something that we are starting to discuss in our shop.   We are just starting to have e-mail retention/archive/discovery conversations and the logs on the IronPort appliances come into that every once in a while.  If it is something that is easy to do it may be advantageous to add the ability to set retention of these logs by length of time.  From a technical stand point so many MB is great, logic, easy to understand.  Unfortunately in the business/legal world they use a different type of thinking and like to speak in terms of days.  At least, that's been my expierience.
  Long live the Iron Nation
  Jason

• How to adjust SM21 logs retention Period

  Hi,
  My requirement it to get the system logs for minimum for 5 months,
  i have set the parameter "rslg/max_diskspace/central"
  but still i am getting the logs for 13 days only.
  So please let me know the exact clean up job name for SM21 log,
  so that i can adjust the retention period.
  and also do i need to adjust the parameter "rslg/max_diskspace/local" too to get the required SM21 logs?
  Regards,

  hi,
  For the list of standard jobs please refer this sap note
  16083    Standard jobs, reorganization jobs
  1411877 New standard jobs
  For the system log details please refer this points
  1. The local system log file
  a) File names
  The local system log file that is written to each application server is determined by the profile parameter  rslg/local/file.
  The name of the file is usually SLOG<inr>, where <inr> is the instance number. Therefore, the name is SLOG77, for example.
  In most systems, the profile parameter rslg/local/old_file  is also set and points to a file SLOGO<inr>. This 'old' local system log file is not created by default. Instead, the current local system log file is written 'in a circle'.
  b) File size
  'Writing in a circle' means the following: If the file has reached the maximum size (profile parameter rslg/max_diskspace/local), the system overwrites the oldest entry with the latest entry and so on. The local system log file always has the same file size as of this moment. The profile parameter rslg/max_diskspace/local describes the maximum file size in bytes. If you switch from non-Unicode to Unicode, you must double the value of this profile parameter.
  The central system log file
  a) File names
  The profile parameter rslg/central/file describes the name of the current central system log file, and the profile parameter
  rslg/central/old_file describes the name of the 'old' central system log file.
  b) Size of files
  The profile parameter  rslg/max_diskspace/central specifies a size in  bytes. If the current system log file has reached half of this size, it  is copied to rslg/central/old_file, and a new current central system log file is started.
  Additionally refer this note
  862  Reduce size of system log file
  Regards,
  Naveen.
  Edited by: Naveen Kumar on Mar 5, 2012 2:18 PM

• ACS Accouting Logs

  Is there anyway within ACS to generate logs for just a certain users not all users and to be able to automate this process?

  Accounting logs contain information about the use of remote access services by users. In the HTML interface, all accounting logs can be enabled, configured, and viewed.Refer following URL
  http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080204d0d.html#wp986166

• Cisco ACS MAB logs - last time a MAC registered

  Just starting to implement MAB and was wondering if there is a way to check for MAC addresss that have not been online in over 6 months.  There are only so man MACs that the ACS can hold, and I dont want systems that have been removed from the company hanging out in the system.  I haven't been able to find a report that can show this.

  Looked around the monitoring and reports viewer.  I might have worded it wrong.  I am trying to run a report that would show a host that hasn't been looged in the last 6 months.  Basically if a computer is destroyed and not in use anymore, but not taken out of ACS.  I want to use this type of report as a way of keeping the ACS host list clean.

• Automatic User Device Affinity - Audit logs retention

  Hello,
  We have problems on generating primary user info on a lot Computers and we suspect that problem is because audit logs are kept for too short time.
  So the config is following:
  1) User device affinity threshold (minutes): 2880
  2) User device affinity threshold (days): 30
  So there are two questions:
  1) For how long do we need to keep audit logs on SCCM client to successfully generate user device affinity;
  2) How long do we need to wait till information populates in SCCM DB?
  Thanks,
  Pēteris

  Also from UserAffinity.log I can see that information is sent with state messages:
  "Found same state message existing. (was sent before) Skip sending same state message for user"
  Hi,
  You could try to delete state message about the user in WMI on a client to see if user device affinity could be populated. That is stored in root\ccm\statemsg -> Enum Classes -> Recursive -> double-click CCM_StateMsg -> Instances. There
  should be messages that contain "domain/user_Auto".
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Cisco Prime infrastructure data (log) retention information

  Hello,
  Given that:
  It is possible to backup and restore the system.
  I can archive my backups and log on an historical storage.Is it possible
  Restoring / loading the backed-up information for a delayed forensic analisys  without having to set the system off line even temporary  ?
  Usually a restore operation is performed when there is a need to restore or replace a faulty system and it usually it wipes out the previous state or information.
  Do the log files contain all available information including forensic files or arte they included in the backup files ?
  What can we do if there is a need ( for example for forensic reasons) to load and re-play old information for further analisys ?
  Is it possible to have an off line access to historical archived information ?
  Thanks.
  G.

  Depends what you mean by forensic files, the type of information you are looking to retrieve, and your PI installation (i.e. VM vs physical appliance). You can snapshot vms easily, and retain them indefinately if you have the resources. A PI appliance restore will write over the live system and require some downtime. Information contained in a PI application backup will depend upon your data rentention and logging configuration.  You can also log from PI to an external syslog server, again the logging level will determine how much information is there.

• Transaction Logs - Retention Period

  Hi,
  Which parameter/bg job is responsible for maintaining the transaction log for <n> number of days?
  Regards,
  Cs

  Hi Cs,
  The data is you get from STAD is stored at the OS level file (location given by the parameter stat/file). This parameter points by default to the instance-specific /Data-directory (for example: \usr\sap\<SID>\DVEBMGS00\data) however this can be changed depending on your choice.
  For each hour a new stat file is written.
  The parameter stat/maxfiles determines how many stat files will be written until the oldest is overwritten.
  So depending on your requirement and available disk space size, you can increase these parameters.
  Note - these parameters are instance specific. you have to maintain for each instance you may have.
  Regards,
  Debasis.

• Server log retention management

  I have a client running Snow Leopard Server in their offices. We would like to keep the server logs for a longer period than the defaults. I can't find documentation on how to achieve this, so any pointers would be welcomed.
  Thanks,
  Des

  This is controlled by /etc/newsyslog.conf.  An example line is
  # logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
  /var/log/system.log                     640  7     *    @T00  J
  In this case you are keeping 7 copies of the file and it will rotate at midnight (@T00).
  Increase the number in the count column to keep more copies.  Change the * to a file size if you want it to rotate based on size.  Change the when value if you want it to rotate at different time of day.
  Stop and start syslog with launchctl or reboot the machine after making the changes.

• ACS v5.1 View not showing full Admin Logs

  Hi,
       I am having trouble viewing all the Administration logs in ACS View. I have my Local Log Target set to a Maximum log retention period of 90 days. In ACS View I can display authentications that go back 90 days +
  However when I try and display the "ACS_Configuration_Audit" in View and perform a Custom query that goes back 90 days it will only display about 35 days of Admin logs.
  I know the logs are there because when I go into CLI and do a search like "show logging | i "ObjectType=Administrator Account" the Administration logs go back over a year.
  Does anyone know why ACS View cannot display all the Admin logs?
  The ACS is running v5.1.0.44 Patch 6 (Also experiencing this in a v5.2 ACS as well)
  This the query we are running:

  Hi Tarik,
         Thanks for the reply. I was aware there was a 100 page limit on View logs. However, when I am trying to to view the last 3 months of Admin logs I only get 3 pages which go back to Apr 11 on my 5.1 ACS and 8 pages that go back to Mar 1 on the 5.2 ACS. Is this an known issue or should I log a TAC case? (The admin logs go back a lot further in CLI)
  Many Thanks Rod

• ACS 5.4 logs

  Hi there people!
  Im currently deploying ACS 5.4 for our network and i have some questions regarding logging events on ACS. I have read all the documents that come with ACS regarding logging but im still a bit confused.
  As of now ACS should have been running for about a month. I however can only see a maximum of 1-2 days of logs within the monitoring interface. I can however retrieve the last 7 days from the CLI.
  Is there a way to configure ACS to show more entries within the web interface? Or even create custom reports with TACACS events (authentication, authorization and accounting) from within the monitoring viewer?
  Another thing, we have 2 ACS systems installed one being the primary and the other the secondary instance. However, when primary instance, which is also the main log collector, goes down, we get no logs from the secondary acs....Is there a way around this?
  Thanks for a ny pointers in advance!

  Hi,
  Data retention limit:
  Customize reports:
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/viewer_reporting.html#wp1133308
  Workaround to that issue is keep the secondary ACS as the log collector.
  **Share your knowledge. It’s a way to achieve immortality.
  --Dalai Lama**
  Please Rate if helpful.
  Regards
  Ed