Cisco Security manager syslog.log file problem
Hello
I have this problem with the CSM, the next file Syslog.log (C:\Program Files\CSCOpx\log\Syslog.log ), this file grows very fast to fill the hard disk and saturates the server, I have tried the log rotation of the cisco works but it doesnt work, what else can i do?
the hard drive fills in 4 hours. tankyou
In CSM clinet under Tools > CSM Administration > Debugging you can changing the level to something higher than debugging.
I hope it helps.
PK
Similar Messages
-
Cisco Security Manager logging
Hello Experts,
Can anyone help me, how can i configure CSM 4.0 to capture its logs.
I want to read logs of Cisco Security Manager itself, so how can i do that & in which location it captures it log file.There are multiple server logs (47 of them on my CSM 4.4 setup) all stored on the server itself and accessible from Windows Explorer.
You will need to RDP to the server and look at the log directory under the path where you installed CSM. -
Cisco Security Manager (CSM) License Problem
Hi All,
We have CSM V3.2 with Professional license edition and support 50 devices. It's installed properly in the Cisco Security Manager client as appeared in the attachement but the problem is in the server administration- license management which doesn't include any records for license (see attachment).
I tried to upload the .lic file by clicking the Update button in server administration but an error message appeared stated that the license file is corrupted although it's installed properly in CSM client!!!
Could you please advise what's the problem and what should I do?
Thanks in Advance!Sorry but Cisco seems to have removed that product bulletin from cisco.com.
Your reseller can use Cisco Commerce Workspace (CCW) to order the correct part number for your CSM installation. There is a unique number for each licensing level and/or upgrade.
For instance, for a 10-device standard license, the support would be part number CON-SAS-CSMST10K.
For the 100-device Pro license, the support would be CON-SAS-CSMPR4K9.
The reseller needs to adjust the support term (12-60 months) to suit when ordering. -
Syslog Reports not collect Syslog.log file Messages
I am doing a installation on CiscoWorks 3.2. after two three weeks I found my syslog services is not working properly. Once I checked on the syslog.log its updated with the device logs as normal. But when I am going to generate report it’s not collect data from the syslog log file. I have notice my syslog analyzer and syslog collator processes are shown as = Program started - No mgt msgs received. Is this normal on the LMS serve?
Anyway I found following error massagers on the SyslogAnalyzer.log file.
cisco.nm.xms.ctm.common.CTMException: CTMRegistryClient::addNewURNEntry URN : SyslogAnalyzerService ErrMsg : URN already in use
at com.cisco.nm.xms.ctm.server.CTMServer.publish(CTMServer.java:253)
at com.cisco.nm.xms.ctm.server.CTMServer.publish(CTMServer.java:180)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.registerWithCtm(SyslogAnalyzerEngine.java:2267)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:2189)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:109)
please I need your expertise knowledge to sort out this problem.
Thank you,
Chandimal.k
+94777420771Hi,
Errors Found:
SyslogCollector - [Thread: main] WARN , 15 Dec 2011 14:33:46,505, Unable to resurrect connection to a subscriber.
URN : SyslogAnalyzerService ErrMsg : URN already in use
Try deleting the ctmregistry and ctmregistry.backup files and regenerat your SSL certificate and then resubscribed to the syslog collector.
1. net stop crmdmgtd
2. delete all the server.* files in ../CSCOpx/MDC/Apache/conf/SSL
3. Open a dos shell and cd to:
../CSCOpx/MDC/Apache, and run: perl ConfigSSL.pl -disable and then again perl ConfigSSL.pl -enable
You will see now a lot of questions, please make sure that you enter correctly the question of FQDN!
4. if you don't want to use SSL, run again: perl ConfigSSL.pl -disable
If you use SSL please don't do anything.
5. net start crmdmgtd
Then wait fifteen minutes for all the LMS services to come up before testing.
Thanks -
Help for Cisco Security Manager
Hi All,
Please help me how cisco security manger is managing logs from different devices.
For example cisco security manager can manage FWSM, ASA, IPS devices.
Does it stores logs from this devices into some central location where CSM is being installed in some database or some file.
Can I be able to read logs for all those devices including CSM from one single point. Please help me.Hi Bidyut,
When CSM services are running, Event Viewer can show the events in real time.
You are right about backup. When CSM application backup is running, its services on the server are stopped. So, there is a risk of loosing logging events that are sent to CSM server during the period of backup. By scheduling backup out of user-activity hours, risk of losing important events can be minimized.
On the other hand, events on IPS devices have to be polled from the device. So, there is no loss of IPS events in case of CSM application backup.
Thanks & Regards,
Chetan -
FlexConfigs in Cisco Security Manager 3.2.1 SP1
Hi,
I have a problem with Cisco Security Manager 3.2.1 SP1 (fresh intall).
When I create a FlexConfig with any IP AUDIT commands or VPDN (for PPPoE config) every time I deploy the configurations in file the flexconfig is repeated in the configuration. The behavior is the same on PIX and ASA configuration.
If I deploy 20 times my devices than I'll have 20 times the same line in the configuration !
Any way to solve that problem in CSM??
The server is Win 2003 Standard English and there's absolutely nothing else than CSM installed on it...so??Hello,
I'm having the same problem for one of our customers! but flexconfig didn't work!
Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
I've been also looking for related bugs but didn't find any!
Regards -
Cisco Security Manager IOPS for Storage (VM Deployent)
Hi,
I've been asked by a client about the Cisco Security Manager requirement to have 1TB of storage for events and another for archiving.
They wish to know the IOPS requirement for this storage. Please could anyone assist in this ?
Many thanks,
MarkHi,
I'm not sure that I can really help you, but I can verify that on my CSM 4.5 server which is running normally, that service has a starup type of automatic and is in the "Started" state.
You may want to check your system and application event logs to see if there are any messages that could explain why it stopped.
Regards,
Matt -
Unable to Install Cisco Security Manager
Hi,
I facing issue when trying to install Cisco Security Manager in my Windows Server 2008.
I had attach the print screen of my server version and error message.
The error message had mention that it was due to unsupport OS or terminal service.
But, i check and it show that my Window Server was the recommend version and no terminal service been enable.Hi Vincent,
Please understand that Window Server 2008 R2 Enterprise Server is not same as Windows Server 2008 Enterprise Server. I had faced the same problem earlier. The R2 version is supported only CSM 4.1 onwards.
Regards,
Chetan -
Cisco security Manager Backup error
i am getting the below error after the backup in Cisco Security Manager 3.2
[Sun Dec 20 00:00:05 2009] ERROR(313): D:/backup.LOCK file exists
Most probably another backup process is running
[Sun Dec 20 00:00:05 2009] Backup failed: 2009/12/20 00:00:05
i have deleted the backup.LOCK file and tried it is giving the same error.
any one help me in this.
thanks in advance.Update:
WHen performing the same action through the client interface, rather than from the server interface the backup has appeared to work.
Is this a feature?
Needless to say I was able to run a backup.
Steve -
Cisco Security Manager Local RBAC Authentication Radius assign user role
Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?I just got asked to look at the same situation by one of our security people.
We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week) -
Import Network host objects to Cisco Security Manager
Is it possible to import complete lists of Network Hosts objects to Cisco Security Manager?
Exporting the hosts already defined in the ASAs is easy but how to import them in CSM??
ThanksNo hostnames discovered go the Policy Object Manager (nor to the Access rules), only group-names (there's a bug in ASAs related to single host names too). The way CSM handles single hosts is previously creating them, so when we later discover devices, the single hosts names set in the discovered device are not considered, only their IP addresses; then you can see that in the discovered access rules CSM shows the hostname as the previously defined ones in the Policy Object Manager. If you dont define those hostnames before the device discovery, you will only see IP addresses, no hostnames, no matter they are set in your firewalls.
Imagine discovering a couple FWSM modules with 500 access rules, and you only get to see the IP addresses of the 2,500 hosts on your network. And you have all those hosts already defined in your FWSM firewalls, when you log via ASDM you view your hard created rules with hostnames, and when you log to CSM you only view IP addresses. The clients get very disappointed with CSM after that, and discard it. The bigger the network, the faster they reject CSM.
The only way to add hosts in the Policy Object Manager is 1 by 1. But as this may have happened to more than one company and considering how easy it is to code a feature like that, I assume that it's possible to import a complete list of single hosts to CSM.
is that really possible? it should be.
thanks for the replies so far -
Hi,
I'm looking into Cisco Security Manager. From what I understand you can monitor and manage Cisco security appliances. I'm interested in the monitoring of our Cisco ASAs - specifically, monitoring VPN sessions and their trending over months at a time and I would like to monitor other Cisco devices on the network for link problems/performance and such - I don't want to use Cisco Security Manager as a management point. Would Cisco Security Manager not be the right tool for this?
We have SolarWinds and I've heard that you can assign UnDPs(Device Pollers) to devices you want to monitor, including ASAs and these pollers can give you trending for VPN sessions with graphing. I just want to make the most of our budget dollars.
Any advice?
Thanks, Pat.CSM 4.3 and above can be used to monitor VPN sessions on Cisco ASAs. You can definitely use CSM as a monitoring only solution for ASAs (without using it for management). You can also explicitly disable policy change privileges for all admins so they do not modify stuff by mistake. Note however that CSM is primarily focused on end-to-end management scenarios (including policy change, troubleshooting, reporting, etc). So you may not find all the bells and whistles in CSM for monitoring scenarios that you may find with some of the pure monitoring only solutions.
-
Failed to setup Velocity Engine ... in Cisco Security Manager
Anyone having problems trying to validate syntax in a FlexConfig in Cisco Security Manager?
CSM version 4.4.0 SP2
Java 1.6.0_14-b08
I have heard that there are issues with earlier versions of Java.
I have also heard that this problem was fixed in CSM
Any ideas anyone?
AdrianI believe this is where you need to run CSM Configuration Manager as Administrator. I had that issue, and I think the note about this is in the Install Guide.
HTH
Paul -
Deleting multiple devices in Cisco Security Manager
I imported 200 devices from configuration files in cisco security manager which I need to remove again due to updates in the predeployed configurations...
Does anyone know how to remove devices without selecting every single one and clicking "delete" or restoring the database? :)
Thanks!Maybe from the common services webpage you could select multiple devices at a time ?
-
Cisco Security Manager 3.2.1 Sp1 and Public Key Infrastructure
Hi, all!
Recently I created configuration on PIX (FOS 7.2.4) with Cisco Security Manager 3.2.1 Sp1 to allow to work with certificate-based authentication of VPN connections. CSM created necessary commands (and unfortunately many necessary commands left unsupported too). But every time I upload new configuration (even with untouched PKI configuration) CSM adds following command - "crypto ca enroll CA-NAME noconfirm".
Right now I created FlexConfig which just do "no crypto ca....". And it works. But is there more clean solution? Why do I need to enroll every deployment?
Wait for answers.
With best regards
MaximHello,
I'm having the same problem for one of our customers! but flexconfig didn't work!
Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
I've been also looking for related bugs but didn't find any!
Regards
Maybe you are looking for
-
I'm getting this error message when I try to save my files and it is happening often enough that it bothers me. This is very sudden - within the last week or two. I have Photoshop CS5, using Windows 7. I get the error message "Could not save as *** b
-
Problem With Package Statement
Hello - I am semi new to Java and I am trying to place two classes I have created into a package. At the top of both classes I have the statement: package mycode.stringtests; I have saved both files into d:\jf\mycode\stringtests and set my classpath
-
Since upgrading to yosemite my sky email account won't work on my mac although it works on my iPad
since upgrading to yosemite my sky email account won't work on my mac although it works on my iPad
-
I have Mac OS X 10.6.8. I recently had to download Office for Mac 2011, as my company mandated this over my objections. On the first 20-page Word file I received, the file looked fine until I applied track changes and made the first edit. At that poi
-
hi experts. i am subhasis total 2.4 years experience as a sap abap programmer. now i got offer from ibm & work is assigned in sap plm projects. can u guide me about sap plm . please send some documents if possible. mainly the role of sap abap progra