How to monitor Radius services on ACS 5.4
Hi All,
I want to monitor Radius services of ACS 5.4, In case of failure any radius service on ACS.
ACS should send alert to Syslogs or email notification
Is there any way to monitor Radius services ? Anyone have any idea how to monitor.
Regards.
Hi Narinder,
I dont think so there is any particular way you can do that, Because ACS 5.x doesnt have any particluar Radius service.
The services which are available and can be viewed through CLI and GUI are following:
Database
Management (ACS management subsystem)
Ntpd
Runtime (ACS runtime subsystem)
View-alertmanager
View-collector
View-database
View-jobmanager
View-logprocessor
htt https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-ususer/guide/acsuserguide/viewer_sys_ops.html#pgfId-1052845
Cheers
Minakshi
Similar Messages
-
How to monitor radius service in ACS 5?
Hi to all,
I have an ACS version 5 and the radius authentication is not working, i did a port scan to the ACS and I can't see the radius port open.
I tried to verify if the radius service is running but i can't find "where to" check that in this ACS 5 version, does anyone know where is that or what should i verify to see what the problem could be??
I also checked in the monitoring section but there is nothing matching radius authentication.
Thanks in advance for your help.Hi Narinder,
I dont think so there is any particular way you can do that, Because ACS 5.x doesnt have any particluar Radius service.
The services which are available and can be viewed through CLI and GUI are following:
Database
Management (ACS management subsystem)
Ntpd
Runtime (ACS runtime subsystem)
View-alertmanager
View-collector
View-database
View-jobmanager
View-logprocessor
htt https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-ususer/guide/acsuserguide/viewer_sys_ops.html#pgfId-1052845
Cheers
Minakshi -
How to monitor RAC services and nodeapps in Grid Control
Hi,
I have created a number of RAC service names such as GL on a 2-node RAC and would like to use Grid control 10.2.0.2 to monitor the availability of those services and nodeapps. I was not able to find anything in Grid Control that would allow me to configure that. What are being monitored now are the listeners, database instances and nodes. Would it be possible to monitor more than just the RAC listeners, instances and nodes?
thanks.I don´t think that there is an out-of-the-box metric. However, CRS monitors your services and Grid Control monitors CRS errors. If you need more granular monitoring, I have 2 suggestions:
1) user callouts:
[http://download.oracle.com/docs/cd/B28359_01/rac.111/b28254/hafeats.htm#RACAD7133]
2) extending oracle enterprise manager
I have written a paper on how to extend oem at [http://www.ora-solutions.net/web/papers/]
"Extending Oracle Enterprise Manager to collect HP-UX glance data"
You can follow the instructions to build a new target type called "RAC_SERVICE" and add your serivces as targets, e.g. S_BATCH, S_ONLINE, S_HR.
Best regards,
Martin Decker
www.ora-solutions.net
Edited by: mdecker on Jan 2, 2009 10:57 AM
Edited by: mdecker on Jan 2, 2009 10:59 AM -
How to monitor Hyperion services
Hi Experts,
Some of the services stop working/not responding randomly which we come to know when user inform us.
We find this is due to Hyperion services (like workspace and Planning) stop working.
Is there any workaround (or better way to monitor) so that user continue access all features without any trouble?
Normally we restart Hyperion services and everything again working normally.
Regards
KumarHi,
Try this link below. It describes how to get alerted when a service stops.
http://www.eggheadcafe.com/software/aspnet/31303233/you-will-need-to-create-a-bat-file-to-do-the-emailing-and-in-the-properties.aspx
Cheers,
Alp -
How to configure Radius failover in ACS 5.1
Hi,
I need to configure the ACS 5.1 to meet the following requirement :-
1. ACS 5.1 will point to a RSA SecurID as the first authentication mechanism for the validation of user credential
2. In the event that RSA SecurID is not reachable, the ACS 5.1 shall point to its local user database.
I had no problem configuring for Point (1), but I am not able to let it failover to the local user database.
Can any expert out there advise on the configuration portion?
regardsThis is the reply from the TAC engineer,
> I believe that you are hitting this bug:
>
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method
> =fetchBugDetails&bugId=CSCtl05416
> While the notes for this bug talk about problems with AD, the same
> problem applies to _any_ identity sequence that you create.
> For example, if you create an Identity Store Sequence with the Identity
> Stores A and B, the ACS will _not_ go to Identity B if Identity Store A
> is not available. It does not matter what the order of identity stores
> is in the sequence. This is a known issue with ACS 5.2 and there is no
> work around.
>
> This problem will be resolved in the next release of ACS, which will be
> ACS 5.3. The 5.3 release will allow you to select what action is to take
> place is an Identity Store becomes unavailable.
> "
So would like to seek your opinion. In addition, also found this article.
http://blog.pbmit.com/digipass2 -
How to stop Radius/Tacacs service in ACS 5.2 ?
Hi, is there a way to stop the Radius/Tacacs service in ACS 5.2 from the GUI ?
There will be a more convoluted way to do it. Say for example want to do for RADIUS
- define an access service that should take all RADIUS request
- for identity policy authenticate against internal database and set the Advanced Option for "If user not found" to drop the request
This should silently drop all RADIUS requests
Can be done similarly for TACACS+ -
RE: How to monitor who has what service objectconnection?
We ran into this problem, specifically because we are using a dbsession
connection pattern and the dba's did not like loosing control over
connections. We have 8 subsystem, each with a dedicated connection that
is shared across multiple users. We also have a security pattern in
place that is token based. Since we have to pass a security token
through service objects we can track this information using a
"connection array" on the service object and a system agent to poll the
contents of the array. When a sql statement is invoked on a
persistence object we add the user to the array on the persistence
manager (SO). When the sql is complete we remove the user from the
array. Since the PO has a system agent we can ask the system agent at
anytime, who has an open connection/session with the PO. Since system
agents plug into econsole, the dba can go look any time.
Any questions, please contact
Chris [email protected] or
Gary [email protected]
MCI Systemhouse
From: ADRIAN PEGGY LYNN
To: [email protected]
Subject: How to monitor who has what service object connection?
Date: Tuesday, September 24, 1996 9:12AM
Here at Eli Lilly & Co., we have a customer that would like to know if
anyone out there has successfully
devised a method to be able to tell what user has what service object
connection. Basically, if a customer
calls the system administrator with a problem with the application, the
system administrator would like to
be able to kill certain processes. Right now, the database connections
running on the server all look the same.
Some ideas were generated internally, one referring to setting up agents
but we'd like to see if anyone
has had success in doing this already that we could use as a contact.
Thanks,
Peggy Adrian
Eli Lilly & Co.
[email protected]Hello Peggy,
I suggest that you make contact with Paolo Sidoli at DS Data (Italy). They
have written a very nice package called DORE that includes trouble shooting
utilities, that allow you to monitor what a remote user is doing (you can
actually see their screen!).
You can contact Paolo at [email protected]
Best regards,
Richard -
How to monitor ADFS 2012r2, Commercial services use HEAD and ADFS returns 500 instead of 200
I have set up an on-prim ADFS and an off-prim ADFS.
I want to use DNS Failover to monitor them and switch off-prim as required.
I've tried both Amazon Route 53 and DNS Made Easy monitoring, and both appear to use the HEAD command rather than the GET command. How can I monitor these services? ADFS 2012r2 does not seem to support the HEAD command.
curl -iX GET h t t p s ://fs.redclay.com/adfs/ls/idpinitiatedsignon.htm returns 200 whereas
curl -iX HEAD ... or curl -I ... return 500 or just hangs forever.
Only by the process of elimination have I come to the conclusion that the HEAD command is being used. I don't know how to sniffer SSL, but both DNSMadeEasy and AmazonAWS say the services are down when I know they are up.Hi,
Would you please be more specific about your requirements?
If you want to figure out how to use curl –iX command, you can refer to the Official Scripting forum below:
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
If you have doubts about your third-party software, I suggest you contact third-party support to get accurate answers.
If you just want to monitor your ADFS servers, you can configure performance monitoring as this article guides:
Configure Performance Monitoring
http://technet.microsoft.com/en-us/library/ff627833.aspx
Best Regards,
Amy Wang -
How to monitor service failover in RAC?
Ok, I'm sure I'm being thick here, but i've been looking all morning and I can't figure out how to monitor when a service fails over from a preferred to available node.
I can't see any way to do it in OEM, and nor can I work out if it's supported by FAN
Does anyone have any suggestions before I start screaming/clawing at the screen?
Thanks
RupHello Buddy,
One of your users are using FAILOVER cause values SELECT and BASIC on query output. Another users connected on that moment no able to use FAILOVER probably caused by misconfigured TNSNAMES.ora file. Check it on client or apps server machines.
I hope this help u.
Sample of Tnsnames.ora
PRD =
(DESCRIPTION =
(LOAD_BALANCE = ON)
(FAILOVER = ON)
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = RAC1-vip)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = RAC2-vip)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = RAC3-vip)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = RAC4-vip)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = your_service_name)
(FAILOVER_MODE =
(TYPE = SELECT)
(METHOD = BASIC)
(RETRIES = 10)
(DELAY = 1)
Cheers,
Rodrigo Mufalani
http://mufalani.blogspot.com -
How to monitor Local IP Pools on ASA
Is there a way to monitor the availability or usage of Local IP pools on an ASA? Maybe an OID string that can be pulled by an NMS system. I would like to be alerted prior to the pool being exhausted.
As far as I know you can check this from your external authentication server so if its cisco acs acting a s radius server for your vpn clients then check under reports and activities >> logged-in user. It will show you the connected user along with the ip address they have got.
Lists all users receiving services for a single AAA client or all AAA clients. Users accessing the network with Cisco Aironet equipment appear on the list for the access point that they are currently associated with, provided that the firmware image on the Cisco Aironet Access Point supports sending the RADIUS Service-Type attribute for rekey authentications.
Note To use the logged-in user list feature, you must configure AAA client to perform authentication and accounting using the same protocol—either TACACS+ or RADIUS.
The same can be checked from the ASA by running
show vpn-session db
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s7_72.html#wp1135352
From ASDM go to Monitoring VPN >> sessions.
Hope this helps.
Rgds
Jatin
Do rate helpful posts~ -
Adding RADIUS VSAs on ACS 3.2 SE
I have tried to add a VSA to enable a Packeteer to authenticate using RADIUS on the ACS.
Using RDBMS synchronization to import the csv file below.
SequenceId,Priority,GroupName,Action,ValueName ,Value1,Value2,Value3
1,1,External,163,26,access=look,2334,1
The group name is 'External', Action is 163 which corresponds to ADD_RADIUS_ATTR.
From RDBMS Sychronization Import Definitions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/ag.htm#wp35130)
To add a vendor-specific attribute (VSA), set VN = "26" and use V2 and V3 as follows:
V2 = IETF vendor ID (which in this case is 2334)
V3 = VSA attribute ID (1)
V1 = In this case 'access=look'
After a couple of attempts I got the format correct but when I try and import the file I don't get an "INFO" message in the "Reports" section of the ACS indicating that the process was successful. I don't get any message at all, WARNING, ERROR or INFO.
From the FTP server I can confirm that the file was transferred.
What I should get is an INFO message similar to:
08/30/2004 16:27:50 INFO Sync complete: 1 transaction(s) 0 parse error(s) 0 process error(s)
Any ideas as to what is wrong would be much appreciated.
Cheers,
Aylmer.HI you need to import the RADIUS VSA for PAcketeer from their site.
The link to the steps as shown below is ( might require u to subscribe & login)
https://packeteer.custhelp.com/cgi-bin/packeteer.cfg/php/enduser/std_adp.php?p_faqid=399&p_created=1046793530&p_sid=gszcDFBh&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PWRmbHQmcF9ncmlkc29ydD0mcF9yb3dfY250PTImcF9wcm9kcz0wJnBfY2F0cz0wJnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9YW5zd2Vycy5zZWFyY2hfZm5sJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9YWNz&p_li=&p_topview=1
IN any case the same content is copied below:-
Also the stpes on how to do them is listed here
Create a User Defined Vendor
First, you need to create a User Defined Vendor.
1. Create a text file (packet.ini) and enter the following:
[User Defined Vendor]
Name=Packeteer
IETF Code=2334
VSA 1=Packeteer-AVPair
[Packeteer-AVPair]
Type=STRING
Profile=OUT
2. Name the file packet.ini.
Add the Vendor to the Database
Next, you need to add the above vendor to the database.
1. Go to the command prompt, and change the directory to the Cisco Secure utils directory (typically C:\Program Files\CiscoSecure ACS v3.0\Utils).
2. The instructions below install the vendor into User Defined slot 0. If you have other vendors, you need to change this number to a free slot. To see a list of slots and their assignments, use the csutil -listudv command. For example:
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listudv
CSUtil v3.0(2.5), Copyright 1997-2002, Cisco Systems Inc
UDV 0 - Unassigned
UDV 1 - Unassigned
UDV 2 - Unassigned
UDV 3 - Unassigned
UDV 4 - Unassigned
UDV 5 - Unassigned
UDV 6 - Unassigned
UDV 7 - Unassigned
UDV 8 - Unassigned
UDV 9 - Unassigned
3. Run csutil -addudv to and add Packeteer to UDV (User Defined Vendor) slot 0 or the next
open slot.
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -addudv 0 c:\temp\packet.ini
CSUtil v3.0(2.5), Copyright 1997-2002, Cisco Systems Inc
Adding or removing vendors requires ACS services to be re-started.
Please make sure regedit is not running as it can prevent registry
backup/restore operations
Are you sure you want to proceed? (y/n)y
Parsing [c:\temp\packet.ini] for addition at UDV slot [0]
Stopping any running services
Creating backup of current config
Adding Vendor [Packeteer] added as [RADIUS (Packeteer)]
Adding VSA [Packeteer-AVPair]
Done
Checking new configuration...
New configuration OK
Re-starting stopped services
Verify that Packeteer was added.
C:\Program Files\CiscoSecure ACS v3.0\Utils>
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listudv
CSUtil v3.0(2.5), Copyright 1997-2002, Cisco Systems Inc
UDV 0 - RADIUS (Packeteer)
UDV 1 - Unassigned
UDV 2 - Unassigned
UDV 3 - Unassigned
UDV 4 - Unassigned
UDV 5 - Unassigned
UDV 6 - Unassigned
UDV 7 - Unassigned
UDV 8 - Unassigned
UDV 9 - Unassigned
4. Return to ACS Admin and select Network Configuration.
From the main screen select Network Configurtion and add the PacketShaper by supplying the AAA client Hostname, IP address: , Key. Scroll through the Authenticate Using choices and select RADIUS (Packeteer).
5. From the main screen select User Setup and enter a user name for a Touch or Look access user to the Packet Shaper. Supply the PAP/CHAP password. Leave other fields at defaults and scroll to the bottom
of the form. Be sure the Packeteer-AVPair box is selected and supply either
"access=touch" or "access=look" in the available entry space. -
CSS Script for checking RADIUS Service
Hi,
We are using CSS 11501 boxes for load-sharing RADIUS (NAC) requests between different ACS Servers.
How can I configure a keepalive method for checking the RADIUS service on the ACS Servers ?
If this needs to be a script then Can anyone provide some hints\tips ?
Thanks,
NamanThis needs to be a script.
The best way would be to sniff a request/response from a known user [or fake user], then extract the udp header + payload in hex format, then create a CSS script to send the hex formatted query and to verify that the hex formatted response matches the server response.
I believe the ap-kal-dns script uses a similar approach so you can look at it to get an idea of what you have to do.
Gilles. -
How to monitor a specific transaction in Solution Manager ?
Hi all,
I have configured the Service Level Reporting and it works correctly.
But i don't know how to monitor a specific transaction like SM21, DB02, FB01N etc... ?
In the SL Reports configuration steps, we can configure this option : Select Business Processes For SL Report. I did a lot of tests but it does not work.
Have i to configure the Business Process Monitoring ?
Thanks.Hello,
it depends a little on what you want to do. If you use the pure CCMS monitoring with the table ALTRAMONI you get average response time per instance and you only get new measurements once the status changes from green to yellow or red.
In order to get continuous measurements you should look into Business Process Monitoring and the different documentations under https://service.sap.com/bpm --> Media Libary --> Technical Information. E.g. the PDF Setup Guide for Application Monitoring describes this "newer" dialog performance monitor. Probably you have to click on the calendar sheet in the Media Libary to also see older documents as well. As the Business Process Monitoring integrates with BW (there is also a BI Setup Guide in the Media LIbrary) you can get trendlines there. This BW integration also integrates back with SL Reporting.
Some guidance for SL Reporting is probably given under https://service.sap.com/rkt-solman but I am not 100% sure.
Best Regards
Volker -
How to monitor OSD TS failure and get alert or report?
How to monitor OSD TS failure and get some alert or generate an report?
We have SCCM 2012 R2 CU1 with MDT 2013.
I have checked the OSD reports in SCCM and everyone is emty, where do SCCM get data to the what to activate?
(I thinking of "Task Sequence - Deployment Status" reports)
I am not sure people read report manually or lock at the MDT monitor view. So best I think that generate an email or incident in Service Manager when an TS fails.
We do have SCOM, SCSM, SCO.
Is there anyone that can point what way or what option I have?
/SaiTechSpecifically you could use this Status Message Query syntax to monitor your Task Sequences for errors:
select stat.*, ins.*, att1.*, att1.AttributeTime from SMS_StatusMessage as stat left join SMS_StatMsgInsStrings as ins on stat.RecordID = ins.RecordID left join SMS_StatMsgAttributes as att1 on stat.RecordID = att1.RecordID inner join SMS_StatMsgAttributes
as att2 on stat.RecordID = att2.RecordID where att2.AttributeID = 401 and att2.AttributeValue = "DOJ200A1" and stat.SiteCode = "DOJ" and att2.AttributeTime >= ##PRM:SMS_StatMsgAttributes.AttributeTime## order by att1.AttributeTime desc
Just replace DOJ200A1 with the Deployment ID of your Task Sequence and DOJ with your SiteCode.
If you want to generate an alert if the TS fails then you could run a script that calls a utility (or similar) which sends a pre-configured email to a specified address (as an alternative to Torten's response). This could be placed in the built in error
logging section of the SCCM integrated MDT Task Sequence when it fails which I assume you are using (right at the bottom, called Gather Logs and StateStore on failure).
There are heaps of ways of generating an email from a TS and controlling error logging just do a search - as you have Service Manager you could even use your instance of Orchestrator and call a run book in your TS which does the email?
Cheers
Damon -
How to monitor all SAP Server through solution Manager?
Dear Friends,
How to monitor all SAP Server through solution Manager?
Is it possible if yes then how? Please forward configuration and transaction also.
Please help me as early as possible..
Thanks,
Regards,
SachinHi sachin,
You can monitor your sattilite systems through solution manager.
If you want to monitor systems in solution manager means you need to configure those systems in solution manager.
Before including the systems in solution manager we need to create a solution using tcode <b>DSWP</b>.
After that you can include the systems using tcode <b>SMSY</b>.
For configuring the systems we have lot of phases its very difficult to explain here.
Try to login to<b> service.sap.com</b> and <b>help.sap.com</b> find the helpfull guides.
i hope it will help you.
any issues post it.
kiran kumar.v
Maybe you are looking for
-
External Hard Drive No Longer able to Mount
When my dad's iMac G3's power died we turn his G3's internal hard drive into a external so he could mount it to his new user account on my iMac G5. It's been fine until I recently had to force power of my computer. Now his G3 HD won't mount. We have
-
N8 on NOKIA Belle - Audio songs are not working an...
I installed Nokia Belle yesterday, but all my songs (Downloaded from OVI Music) are not working anymore. Its saying either the licence is expired or missing. Can anyone please help me out ? Regards, Vishal Soni Solved! Go to Solution.
-
55SL417U has no sound from any input
55SL417U has not sound from any input. Have it setup on color stream 1 with RBG and L/R sound input, but when adding sn B26518T24851A1. No sound. No sound from colorstream input (RGB/LR) No sound from Video 1 or Video 2. No sound from Netflix app
-
Hello, I would like to download the manuals of the SoudBlaster Audigy 2 ZS Platinum Pro Unfortunately the manuals downloadable from the Creative web site are in chm format. Is there a way to download the manuals in a more printable format like pdf or
-
Dreamweaver CS6 PhoneGap build with Camera support for Android Device
I am trying to build a simple app that triggers the camera in my Samsung N7000 device. I have built the app using Dreamweaver CS6 using the builting phonegap build support. I am using the Windows version of Dreamweaver CS6. When the app is built it s