Guest

CiscoWorks Network Compliance Manager

Installation and Configuration Guide for CiscoWorks Network Compliance Manager Alert Center 1.3

  • Viewing Options

  • PDF (300.3 KB)
  • Feedback
Installation and Configuration Guide

Table Of Contents

CiscoWorks Network Compliance Manager Alert Center 1.3

CiscoWorks NCM Alert Center 1.3 Installation

Installing CiscoWorks NCM Alert Center on a Windows Server

Pre-Installation Requirements

Installing the CiscoWorks NCM Alert Center

Installing the CiscoWorks NCM Alert Center in Debugging Mode

Installing CiscoWorks NCM Alert Center on a Solaris Server

Pre-Installation Requirements

Installing the CiscoWorks NCM Alert Center

Installing the CiscoWorks NCM Alert Center in Debugging Mode

Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server

Pre-Installation Requirements

Installing the CiscoWorks NCM Alert Center

Installing the CiscoWorks NCM Alert Center in Debugging Mode

Configuring a Proxy Server During CiscoWorks NCM Alert Center 1.3 Installation

Installing CiscoWorks NCM Alert Center in an Air Gapped Environment

Installing CiscoWorks NCM Alert Center in a High Availability Environment

CiscoWorks NCM Alert Center Configuration

Configuring CiscoWorks NCM Alert Center

Configuring Services and Streams

Scheduling CiscoWorks NCM Alert Center to Recur

Scheduling the CiscoWorks NCM Alert Center to Run as an External Application Task

Uninstalling the CiscoWorks NCM Alert Center

Launching the CiscoWorks NCM Alert Center

Command Line Options, Importing Content, and Log Files

Command Options

Command Line Options

Importing Content

CiscoWorks NCM Alert Center Log File

Downloading and Importing Content in an Air Gapped Environment

Known Issues

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request

Notices

OpenSSL/Open SSL Project

License Issues


Installation and Configuration Guide

CiscoWorks Network Compliance Manager Alert Center 1.3


Published: April, 2009, OL-15532-02

This guide describes installing and configuring CiscoWorks Network Compliance Manager (NCM) Alert Center on Windows, Solaris, and Red Hat Enterprise Linux platforms.

CiscoWorks NCM Alert Center is a subscription service that provides network vulnerability alerts on an on-going basis. This guide will assist you in setting up the Alert Center to operate with CiscoWorks NCM.

CiscoWorks NCM Alert Center is a unique security service. Unlike traditional alerts that are typically delivered via email, the Security Alert service delivers alerts as CiscoWorks NCM software compliance policies. As a result, you can rapidly identify all vulnerable devices across your network and perform remediation before your environment is compromised. With Alert Center, your CiscoWorks NCM server automatically checks for and downloads security alerts as they become available.


Note CiscoWorks NCM Alert Center 1.3 requires CiscoWorks NCM, Release 1.3 SP2 or higher.


This guide contains the following sections:

CiscoWorks NCM Alert Center 1.3 Installation

Configuring a Proxy Server During CiscoWorks NCM Alert Center 1.3 Installation

Installing CiscoWorks NCM Alert Center in an Air Gapped Environment

Installing CiscoWorks NCM Alert Center in a High Availability Environment

CiscoWorks NCM Alert Center Configuration

Uninstalling the CiscoWorks NCM Alert Center

Launching the CiscoWorks NCM Alert Center

Command Line Options, Importing Content, and Log Files

Known Issues

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request

Notices


Note All documentation, including this document and any or all of the parts of the CiscoWorks NCM documentation set, might be upgraded over time. Therefore, we recommend you access the CiscoWorks NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html


The Docs tab visible from within CiscoWorks NCM might not include links to the latest documents.

1 CiscoWorks NCM Alert Center 1.3 Installation

This section explains how to install and configure CiscoWorks NCM Alert Center 1.3 on a Windows server, a Solaris 9 or Solaris 10 server, or a Red Hat Enterprise Linux 3 (RHEL3) or Red Hat Enterprise Linux 4 (RHEL4) server. See the section appropriate for your platform:

Installing CiscoWorks NCM Alert Center on a Windows Server

Installing CiscoWorks NCM Alert Center on a Solaris Server

Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server


Note If you have a prior version of CiscoWorks NCM Alert Center installed, delete the existing CiscoWorks NCM Alert Center installation directory before installing the CiscoWorks NCM Alert Center 1.3. Refer to the section Uninstalling the CiscoWorks NCM Alert Center for instructions. Also be sure to back up your existing policies.


Installing CiscoWorks NCM Alert Center on a Windows Server

This section explains how to install and configure the CiscoWorks NCM Alert Center 1.3 on a CiscoWorks NCM Windows server.

Pre-Installation Requirements

Before you begin to install CiscoWorks NCM Alert Center 1.3 on a Windows server, make sure you have the following:

The credentials to login into www.cisco.com and to reach the CWNCM software download location at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto

Access to unzip or an equivalent archiving utility.

A CiscoWorks NCM Windows server running successfully.

Windows administrator access to the CiscoWorks NCM server.

An SMTP Server set up and accessible from the CiscoWorks NCM server.


Note If you have a prior version of CiscoWorks NCM Alert Center installed, delete the existing CiscoWorks NCM Alert Center installation directory before installing the CiscoWorks NCM Alert Center 1.3. Refer to the section Uninstalling the CiscoWorks NCM Alert Center for instructions on backing up your existing policies.


Installing the CiscoWorks NCM Alert Center

To install the CiscoWorks NCM Alert Center 1.3 Windows server, do the following:


Step 1 Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the Alert Center package.

Step 2 Enter your www.cisco.com username and password to login.

Step 3 Select the CWNCM-AlertCenter-Windows-Installer-2.0.1.K9.zip file to download. When prompted, save the .zip file to a temporary location on your local drive such as Desktop.

Step 4 In the directory to which you downloaded the .zip file, unzip the file to a temporary directory. For example, C:\temp. Keep the subdirectory structure intact.

Step 5 Launch the Installer from the directory where the files were unzipped. For example, C:\temp\alert_center\install.exe.

The following prompt appears:

Enter your CiscoWorks NCM Username:

Step 6 Enter your CiscoWorks NCM username. The following prompt appears:

Enter your CiscoWorks NCM Password:

Step 7 Enter your CiscoWorks NCM password. This password will be encrypted with the encrypt-passwords command.

Step 8 Enter your preferred installation directory for the CiscoWorks NCM Alert Center. The default install location is [C:\alert-center-content-cache].

The following prompt appears:

Enter your Cisco.com username:

Step 9 Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

Step 10 Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

Step 11 Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

Step 12 Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

Step 13 Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

Step 14 Enter your full name. A message appears that the installation was successful.

Step 15 Click Enter to exit the Installer and return to the prompt.

Step 16 An email will be sent to ncmac-subscription@cisco.com that contains the information used to authorize your Cisco.com account to the service.

If there is an error sending the email message, the following message appears: An error occurred when attempting to send the registration email to Cisco. Please send an email to ncmac-subscription@cisco.com that contains the content of the file <CWNCM_install_directory>\content\registration_email.txt. The install was otherwise successful.


You will need to wait for your account to be authorized before proceeding.

If the installation fails, uninstall CiscoWorks NCM Alert Center using the instructions in the "Uninstalling the CiscoWorks NCM Alert Center" section and install CiscoWorks NCM Alert Center in Debugging mode using the instructions in the "Installing the CiscoWorks NCM Alert Center in Debugging Mode" section. Capture the console output and logs and contact Cisco Technical Support.

Installing the CiscoWorks NCM Alert Center in Debugging Mode

You can launch the Installer in debug mode to create a log for debugging purposes. Launch the Installer from the directory where the files were unzipped. For example, C:\temp\alert_center\install.exe debug. The rest of the installation process is unchanged. The installer log created in debug mode is located in

<Alert Center Install Directory>\accc\log\alert-center-content-cache.log

Installing CiscoWorks NCM Alert Center on a Solaris Server

This section explains how to install and configure the CiscoWorks NCM Alert Center 1.3 on a Solaris 9 or Solaris 10 server.

Pre-Installation Requirements

The following are requirements for installing CiscoWorks NCM Alert Center 1.3 on a Solaris server:

Credentials to login into www.cisco.com and to reach the CWNCM software download location at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto

Root permission to install software.


Note If you have a prior version of CiscoWorks NCM Alert Center installed, delete the existing CiscoWorks NCM Alert Center installation directory before installing the CiscoWorks NCM Alert Center 1.3. Refer to the section Uninstalling the CiscoWorks NCM Alert Center for instructions on backing up your existing policies.


Installing the CiscoWorks NCM Alert Center

To install the CiscoWorks NCM Alert Center1.3 Solaris server, do the following:


Step 1 Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the Alert Center package.

Step 2 Enter your www.cisco.com username and password to login.

Step 3 Select the CWNCM-AlertCenter-Solaris-Installer-2.0.1.K9.zip file to download. When prompted, save the .zip file to a location on your local drive.

Step 4 Create a temporary directory to store the CiscoWorks NCM Alert Center installer, for example:

mkdir /tmp/AlertCenter

Step 5 Unzip the downloaded .zip to the temporary directory:

unzip AlertCenterContentCache-Solaris-Installer-2.0.1.zip -d /tmp/AlertCenter/

Step 6 To launch the installer, type the following command:

/tmp/AlertCenter/install.sh

The following prompt appears:

Enter your CiscoWorks NCM Username:

Step 7 Enter your CiscoWorks NCM username. The following prompt appears:

Enter your CiscoWorks NCM Password:

Step 8 Enter your CiscoWorks NCM password. This password will be encrypted with the encrypt-passwords command.

Step 9 Enter your preferred installation directory for the CiscoWorks NCM Alert Center. The default install location is [/opt/cisco/alert-center-content-cache].

The following prompt appears:

Enter your Cisco.com username:

Step 10 Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

Step 11 Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

Step 12 Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

Step 13 Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

Step 14 Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

Step 15 Enter your full name. A message appears that the installation was successful.

Step 16 Click Enter to exit the Installer and return to the prompt.

Step 17 An email will be sent to ncmac-subscription@cisco.com that contains the information used to authorize your Cisco.com account to the service.

If there is an error sending the email message, the following message appears: An error occurred when attempting to send the registration email to Cisco. Please send an email to ncmac-subscription@cisco.com that contains the content of the file <CWNCM_install_directory>/content/registration_email.txt The install was otherwise successful.


You will need to wait for your account to be authorized before proceeding.

If the installation fails, uninstall CiscoWorks NCM Alert Center using the instructions in the "Uninstalling the CiscoWorks NCM Alert Center" section and install CiscoWorks NCM Alert Center in Debugging mode using the instructions in the "Installing the CiscoWorks NCM Alert Center in Debugging Mode" section. Capture the console output and logs and contact Cisco Technical Support.

Installing the CiscoWorks NCM Alert Center in Debugging Mode

You can launch the Installer in debug mode to create a log for debugging purposes. To launch the Installer, enter the following command:

./install.sh debug

The rest of the installation process is unchanged. The installer log created in debug mode is located in

<Alert Center Install Directory>/accc/log/alert-center-content-cache.log

Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server

This section explains how to install and configure the CiscoWorks NCM Alert Center 1.3 on a Red Hat Enterprise Linux 3 (RHEL3) or Red Hat Enterprise Linux 4 (RHEL4) server.

Pre-Installation Requirements

The following are requirements for installing CiscoWorks NCM Alert Center 1.3 on a Red Hat Enterprise Linux server:

Make sure you have the credentials to login into www.cisco.com and to reach the CWNCM software download location at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto

Root permission to install software.


Note If you have a prior version of CiscoWorks NCM Alert Center installed, delete the existing CiscoWorks NCM Alert Center installation directory before installing the CiscoWorks NCM Alert Center 1.3. Refer to the section Uninstalling the CiscoWorks NCM Alert Center for instructions on backing up your existing policies.


Installing the CiscoWorks NCM Alert Center

To install the CiscoWorks NCM Alert Center1.3 Red Hat Enterprise Linux server, do the following:


Step 1 Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the Alert Center package.

Step 2 Enter your www.cisco.com username and password to login.

Step 3 Select the CWNCM-AlertCenter-Linux-Installer-2.0.1.K9.zip file to download. When prompted, save the .zip file to a location on your local drive.

Step 4 Create a temporary directory to store the CiscoWorks NCM Alert Center installer, for example:

mkdir /tmp/AlertCenter

Step 5 Unzip the downloaded .zip to the temporary directory:

unzip AlertCenterContentCache-Linux-Installer-2.0.1.zip -d /tmp/AlertCenter/

Step 6 To launch the installer, type the following command:

/tmp/AlertCenter/install.sh

The following prompt appears:

Enter your CiscoWorks NCM Username:

Step 7 Enter your CiscoWorks NCM username. The following prompt appears:

Enter your CiscoWorks NCM Password:

Step 8 Enter your CiscoWorks NCM password. This password will be encrypted with the encrypt-passwords command.

Step 9 Enter your preferred installation directory for the CiscoWorks NCM Alert Center. The default install location is [/opt/cisco/alert-center-content-cache].

The following prompt appears:

Enter your Cisco.com username:

Step 10 Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

Step 11 Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

Step 12 Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

Step 13 Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

Step 14 Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

Step 15 Enter your full name. A message appears that the installation was successful.

Step 16 Click Enter to exit the Installer and return to the prompt.

Step 17 An email will be sent to ncmac-subscription@cisco.com hat contains the information used to authorize your Cisco.com account to the service.

If there is an error sending the email message, the following message appears: An error occurred when attempting to send the registration email to Cisco. Please send an email to ncmac-subscription@cisco.com that contains the content of the file <CWNCM_install_directory>/content/registration_email.txt The install was otherwise successful.


You will need to wait for your account to be authorized before proceeding.

If the installation fails, uninstall CiscoWorks NCM Alert Center using the instructions in the "Uninstalling the CiscoWorks NCM Alert Center" section and install CiscoWorks NCM Alert Center in Debugging mode using the instructions in the "Installing the CiscoWorks NCM Alert Center in Debugging Mode" section. Capture the console output and logs and contact Cisco Technical Support.

Installing the CiscoWorks NCM Alert Center in Debugging Mode

You can launch the Installer in debug mode to create a log for debugging purposes. To launch the Installer, enter the following command:

./install.sh debug

The rest of the installation process is unchanged. The installer log created in debug mode is located in

<Alert Center Install Directory>/accc/log/alert-center-content-cache.log

2 Configuring a Proxy Server During CiscoWorks NCM Alert Center 1.3 Installation

To configure a proxy server during a CiscoWorks NCM Alert Center 1.3 installation, add the following to the file /<alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf:

proxy server http address and port

proxy server username

proxy server password

Leave the fields blank if not applicable.

3 Installing CiscoWorks NCM Alert Center in an Air Gapped Environment

In cases where a proxy server might interfere with CiscoWorks NCM Alert Center's ability to perform properly, you can install CiscoWorks NCM Alert Center 1.3 on a system outside of the proxy server. This environment is referred to as air gapped or standalone.

The following two systems are included in this procedure:

The connected system: a system that is allowed to make a connection over the Internet to the Cisco.com file exchange forum

The isolated system: a system that is not allowed to connect to the Internet

To install CiscoWorks NCM Alert Center 1.3 in n air gapped or standalone environment, do the following:


Step 1 Download the CiscoWorks NCM Alert Center 1.3 software package from Cisco.com. Follow the instructions for your specific platform:

"Installing CiscoWorks NCM Alert Center on a Windows Server" section

"Installing CiscoWorks NCM Alert Center on a Solaris Server" section

"Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server" section

Step 2 Install the CiscoWorks NCM Alert Center 1.3 software on an internet-connected server:

a. Log on to the internet-connected system.

b. Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the CiscoWorks NCM Alert Center package.

c. Enter your www.cisco.com username and password to login.

d. Select the installer file appropriate for your platform:

For Windows: CWNCM-AlertCenter-Windows-Installer-2.0.1.K9.zip

For Solaris: CWNCM-AlertCenter-Solaris-Installer-2.0.1.K9.zip

For Linux: CWNCM-AlertCenter-Linux-Installer-2.0.1.K9.zip

When prompted, save the .zip file to a temporary location on your local drive such as Desktop.

e. In the directory to which you downloaded the .zip file, unzip the file to a temporary directory. Keep the subdirectory structure intact.

f. Launch the Installer from the directory where the files were unzipped.

g. Enter your preferred installation directory for the CiscoWorks NCM Alert Center. The default install location is:

For Windows: [C:\alert-center-content-cache]

For Solaris: [/opt/cisco/alert-center-content-cache]

For Linux: [/opt/cisco/alert-center-content-cache]

The following prompt appears:

Enter your SMTP server hostname:

h. Enter your email server address. The following prompt appears:

Enter your Cisco.com username:

i. Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

j. Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

k. Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

l. Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

m. Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

n. Enter your full name. A message appears that the installation was successful.

o. Click Enter to exit the Installer and return to the prompt.

Step 3 Configure the internet-connected server:

a. Edit the alert-center-content-cache.conf file:

For Windows: <alert-center-content-cache install directory>\accc\etc\alert-center-content-cache.conf

For Solaris: <alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf

For Linux: <alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf

b. Edit Cisco.com credentials

c. Edit the Proxy server address and credentials

Step 4 Use the CiscoWorks NCM Alert Center software package downloaded from Cisco.com to install CiscoWorks NCM Alert Center on an isolated CiscoWorks NCM server following the instructions in Step 2 above.

An email will be sent to ncmac-subscription@cisco.com that contains the information used to authorize your Cisco.com account to the service. As this system is isolated, ignore any failed email error messages. Make sure an email is sent to the CiscoWorks NCM Alert Center Admin to enable access to file exchange forum in Cisco.com from the internet facing server.

Step 5 Configure CiscoWorks NCM Alert Center on the isolated CiscoWorks NCM server:

a. Edit the alert-center-content-cache.conf file:

For Windows: <alert-center-content-cache install directory>\accc\etc\alert-center-content-cache.conf

For Solaris: <alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf

For Linux: <alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf

b. Edit the CiscoWorks NCM credentials


4 Installing CiscoWorks NCM Alert Center in a High Availability Environment

When installing CiscoWorks NCM Alert Center 1.3 in a High Availability (HA) environment, keep in mind the following:

CiscoWorks NCM has two supported HA deployment configurations. In either case, the core database is logically shared between all HA nodes. The database is where the CiscoWorks NCM Alert Center-imported policy content resides.

If CiscoWorks NCM Alert Center is installed on a single node within this HA deployment, the policy downloads and imports that are done by this single CiscoWorks NCM Alert Center instance will automatically be propagated to other nodes in the deployment by CiscoWorks NCM through its HA capabilities.

We do not recommend that CiscoWorks NCM Alert Center be enabled to run on multiple nodes in the CiscoWorks NCM HA deployment because the content caches are not synchronized across nodes and thus any one CiscoWorks NCM Alert Center instance cannot ascertain if an CiscoWorks NCM Alert Center-delivered policy was already imported on a different node by a different CiscoWorks NCM Alert Center instance.

In the unlikely event that the specific CiscoWorks NCM node that CiscoWorks NCM Alert Center is installed on fails, a second CiscoWorks NCM Alert Center instance may then be enabled to run on any surviving cluster node in the CiscoWorks NCM HA set up. In this scenario, if the entire CiscoWorks NCM Alert Center install directory hierarchy is already shared between the CiscoWorks NCM nodes, the newly-enabled CiscoWorks NCM Alert Center will be cache-synchronized with the first CiscoWorks NCM Alert Center download and import history, and will be ready to go without any duplicate imports.

If on the other hand, the CiscoWorks NCM Alert Center directory hierarchy is not shared between CiscoWorks NCM nodes in this failure scenario, the newly-enabled CiscoWorks NCM Alert Center will try to download and apply all available policies, including ones that were already installed into the core by the failed CiscoWorks NCM Alert Center instance. During the import process, CiscoWorks NCM will simply give an error for each pre-existing policy instance already in the database, so expect to see a number of errors in the CiscoWorks NCM Alert Center import log the first time the newly installed CiscoWorks NCM Alert Center runs on a new cluster node.

If CiscoWorks NCM does accept a duplicate policy import, it will automatically rename the new duplicate policy to avoid name conflicts and leave it as inactive without any device group association for the policy. So any such duplicate policies will be imported essentially as test policies that are inactive.

CiscoWorks NCM Alert Center installation on the new node should behave as before after the first run, because all new policy imports from that point on will be automatically synchronized across the CiscoWorks NCM nodes in the HA deployment as stated before.

5 CiscoWorks NCM Alert Center Configuration

This section describes how to configure CiscoWorks NCM Alert Center, and its services and streams. This section also explains how to verify that content is downloaded and where the CiscoWorks NCM Alert Center log file is located.

Configuring CiscoWorks NCM Alert Center

To configure CiscoWorks NCM Alert Center do the following:


Step 1 Add the following path to your PATH variable:

(Windows) <Alert Center Install Directory>\accc\bin

(Linux or Solaris) /opt/cisco/<Alert Center Install Directory>/accc/bin

Step 2 Using a text editor, open the configuration file.

By default, the configuration file on a Windows server is <Alert Center Install Directory>\accc\etc\alert-center-content-cache.conf

By default, the configuration file on Linux or Solaris server is:

/opt/cisco/<Alert Center Install Directory>/accc/etc/alert-center-content-cache.conf

Step 3 At the username and password entries in the configuration file, type your www.cisco.com username and password.

Step 4 At the ncm_user and ncm_pass entries in the configuration file, type the CiscoWorks NCM administrator username and password.

Step 5 Check if the url variable in the configuration file is set to the following value:

https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=NCM-Streams

Step 6 Save your changes to the configuration file.

Step 7 To hash your password, for example in Windows, open a command prompt in the directory appropriate for your platform:

For Windows: <alert-center-content-cache install directory>\accc\bin

For Solaris: <alert-center-content-cache install directory>/accc/bin

For Linux: <alert-center-content-cache install directory>/accc/bin

Then run the following command:

alert-center-content-cache encrypt-passwords


When you first run the CiscoWorks NCM Alert Center, the CiscoWorks NCM Alert Center will automatically authenticate itself by detecting redirects. This authentication verifies that the location it is redirected to is an Cisco.com domain, and retrieves and provides cookies as needed.

Configuring Services and Streams

To configure services and streams, do the following:


Step 1 At a command prompt, enter the following command to view a list of available streams:

alert-center-content-cache list-streams (or alert-center-content-cache.bat list-streams)

The format of the value returned by that command is platform, service, stream (stream.name). An example of a stream returned by this command is

ncm security vc_cisco (security.vc_cisco)

Each service that you want to have access to must have a section in the CiscoWorks NCM Alert Center configuration file.

If the alert-center-content-cache.conf file lacks a section for a service, edit the file and add a section as appropriate.

By default, the configuration file on a Windows platform is:

<Alert Center Install Directory>\accc\etc\alert-center-content-cache.conf

By default, the configuration file on a Linux or Solaris platform is:

/opt/cisco/<Alert Center Install Directory>/accc/etc/alert-center-content-cache.conf

Step 2 Each stream in a service must be enabled in the configuration file in its service section. Set the value of a stream to 1 to enable the stream, or to 0 to disable that stream.

Step 3 Save your changes to the configuration file and then exit the text editor.


Scheduling CiscoWorks NCM Alert Center to Recur

Create an entry in the server's crontab file for the root user to set the CiscoWorks NCM Alert Center to run at recurring intervals. For example, add the following line to run the live-network-connector script every day at midnight:

0 0 * * 1-7 <CWNCM_ install_directory>/accc/bin/alert-center-content-cache 2>&1

Scheduling the CiscoWorks NCM Alert Center to Run as an External Application Task

To schedule the CiscoWorks NCM Alert Center to run as an external application task, do the following:


Step 1 Log in to CiscoWorks NCM.

Step 2 Navigate Tasks > New Task > Run External Application. The New Task - Run External Application window appears.

Step 3 In the Task Name field, enter Synchronize Security Service Alert.

Step 4 In the Start Date field, click Calendar and select the Wednesday of the current or following week. Then, edit the start time to read 5:00am local time (such as: 02-10-08 05:00). Security Alert updates are automatically released every Tuesday (Pacific Standard Time (PST) = GMT-8). In addition, they are released for immediate vulnerabilities based on alert criticality. It is recommended that you automate this task to run on Wednesday morning so as to capture new security alerts as they become available.

Step 5 In the Comments field, type: The Cisco Network: Security Alert Service Update Client.

Step 6 Under the Task Options section in the Run field, enter one of the following:

(Windows) <Alert Center Install Directory>\accc\bin\alert-center-content-cache.exe

(Linux or Solaris) /opt/cisco/<Alert Center Install Directory>/accc/bin/alert-center-content-cache

Step 7 Leave the Start In field blank.

Step 8 In the Task Result field, select Treat non-zero result code as failed task.

Step 9 In the Text Output field, select the desired output method.

Step 10 Under the Scheduling Options section in the Retry Count field, you can either accept the default No Retry or select any of the other options.

Step 11 In the Retry Interval field, accept the default retry interval five minutes.

Step 12 In the Recurring Options field, select Weekly and Wed.

Step 13 In the Range of Recurrence field, accept the default No End Date.

Step 14 Click Save Task.


6 Uninstalling the CiscoWorks NCM Alert Center


Note These steps assume you installed CiscoWorks NCM Alert Center 1.3 using the default directories and names. If you installed to a different directory or used different names, you must adjust accordingly.


To uninstall the CiscoWorks NCM Alert Center 1.3 from a Windows server, delete the CiscoWorks NCM Alert Center Install directory:

[C:\alert-center-content-cache]

To uninstall the CiscoWorks NCM Alert Center 1.3 from a Solaris or Linux server, run the following commands:

rm -rf /opt/cisco/<Alert Center Install Directory>


Note Be sure to back up any existing policies that you have before uninstalling CiscoWorks NCM Alert Center.


7 Launching the CiscoWorks NCM Alert Center

In addition to the steps in "Configuring CiscoWorks NCM Alert Center" section, the CiscoWorks NCM Alert Center should have default values for its other configuration values.

To launch the CiscoWorks NCM Alert Center on a Windows platform, do the following:


Step 1 Open a command prompt, and then change to the <Alert Center Install Directory>\accc\bin directory.

Step 2 Run the following command:

alert-center-content-cache

Contents are imported into CiscoWorks NCM as Policies. To view the list of policies, navigate Policies > Policy List.


To launch the CiscoWorks NCM Alert Center on a Linux or Solaris platform, do the following:


Step 1 Open a terminal window, and then change to the /opt/cisco/<Alert Center Install Directory>/accc/bin directory.

Step 2 Run the following command:

./alert-center-content-cache

Contents are imported into CiscoWorks NCM as Policies. To view the list of policies, navigate Policies > Policy List.


By default, the CiscoWorks NCM Alert Center will:

Connect over SSL

Re-attempt a failed download once

Retain successfully downloaded files in the cache until they have been updated on the server.


Note The first update can take a significant amount of time.


8 Command Line Options, Importing Content, and Log Files

This section describes the CiscoWorks NCM Alert Center commands and command line options, importing content, and the CiscoWorks NCM Alert Center log file.I S C H A P T E R

Command Options

To see the complete list of available commands and the online Help on a Windows platform, do the following:


Step 1 Open a command prompt and then change to the <Alert Center Install Directory>\accc\bin directory.

Step 2 Run the following command:

alert-center-content-cache --help (or alert-center-content-cache.bat --help)


To see the complete list of available commands and the online Help on a Linux or Solaris platform, do the following:


Step 1 Open a terminal window and then change to the /opt/cisco/<Alert Center Install Directory>/accc/bin directory.

Step 2 Run the following command:

./alert-center-content-cache --help


The following list shows some of the available options that can be called at the command line when launching the CiscoWorks NCM Alert Center:

download - Downloads content for the services and streams configured on the locally-installed CiscoWorks NCM Alert Center.

download-import - This is the default command, running CiscoWorks NCM Alert Center without specifying a command runs this command. Downloads content for the services and streams configured on the locally-installed CiscoWorks NCM Alert Center, and imports the content.

import - Imports the content that has been previously downloaded using the download command.

encrypt-passwords - Encrypt the passwords entered in plaintext in the configuration file.

list-streams - Shows the available services and streams. For more information see "Configuring Services and Streams" section.

read-config - Shows the value of a configuration file in the CiscoWorks NCM Alert Center configuration file.

For example, the following command:

/opt/cisco/alert-center-content-cache/accc/bin/alert-center-content-cache read-config --username

displays the value of username in the CiscoWorks NCM Alert Center configuration file.

write-config - Sets the value of a configuration file in the CiscoWorks NCM Alert Center configuration file.

For example, the following command:

/opt/cisco/alert-center-content-cache/accc/bin/alert-center-content-cache write-config --username="user_name"

sets the value of username in the CiscoWorks NCM Alert Center configuration file to user.

To see the available command-line options for a specific command, run the following command:

/opt/cisco/alert-center-content-cache/accc/bin/alert-center-content-cache <command> --help

For example, to see the available command-line options for the download-import command, run the following command:

/opt/cisco/alert-center-content-cache/accc/bin/alert-center-content-cache download-import --help

Command Line Options

The following list shows some of the available options that can be called at the command line when launching CiscoWorks NCM Alert Center:

Configure http proxy settings with the --http-proxy, --http-proxy-user, and --http-proxy-pass options.

Download content to a directory with the --export-to-directory option.

Import content from a directory with the --import-from-directory option.

Restrict the content to be downloaded to a specific product with the --product option. For example, --product sas limits the content to content that is relevant to SA.

These options can also be set in the configuration file.

Importing Content

To help verify that the content was downloaded, the CiscoWorks NCM Alert Center calculates the SHA256 sum of downloaded files and checks the result against the SHA256 sum listed for the file in the stream. If the download succeeded, CiscoWorks NCM Alert Center updates the cache file to list a file as downloaded. CiscoWorks NCM Alert Center retains the files in the cache unless it is told not to.

CiscoWorks NCM Alert Center checks the return status of the import commands to see if the import succeeded. If the import succeeded, the CiscoWorks NCM Alert Center marks the file as imported and caches the information. Check the log file to make sure that the content imported successfully.

CiscoWorks NCM Alert Center Log File

By default, the CiscoWorks NCM Alert Center log file is named alert-center-content-cache.log and is located in the following directory:

Windows - <Alert Center Install Directory>\accc\log

Linux and Solaris - /opt/cisco/<Alert Center Install Directory>/accc/log

Also note that the log file name and location can be configured in the configuration file as:

logfile_path=log/alert-center-content-cache.log

Downloading and Importing Content in an Air Gapped Environment

To transfer policies from a CiscoWorks NCM Alert Center system connected to the Internet to an isolated CiscoWorks NCM Alert Center system, do the following:


Step 1 Log on to the internet-connected system.

Step 2 Edit the alert-center-content-cache.conf file:

For Windows: <alert-center-content-cache install directory>\accc\etc\alert-center-content-cache.conf

For Solaris: <alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf

For Linux: <alert-center-content-cache install directory>/accc/etc/alert-center-content-cache.conf

and configure the CiscoWorks NCM Alert Center to download the services and streams required for the isolated system.

Step 3 Open a command prompt and change the directory:

For Windows: <alert-center-content-cache install directory>\accc\bin

For Solaris: <alert-center-content-cache install directory>/accc/bin

For Linux: <alert-center-content-cache install directory>/accc/bin

Step 4 Enter the following command:

alert-center-content-cache download -e <export_dir>

where export_dir is a temporary directory for the downloaded files.

Step 5 Compress the contents of export_dir to .zip format. This task uses content.zip as the example of name of the compressed file.

Step 6 Transfer the content.zip file from the connected system to the isolated CiscoWorks NCM system.

Step 7 On the isolated CiscoWorks NCM system, uncompress the content.zip file to a temporary directory named import_dir where import_dir is a temporary directory for the uncompressed files.

Step 8 To import the content files, enter the following command:

alert-center-content-cache import -i <import_dir>

where import_dir is the temporary directory that content.zip file was uncompressed.

Step 9 Log into CiscoWorks NCM and navigate Policies- >List Policies to verify policies were imported.

Step 10 In CiscoWorks NCM, select Admin- >Start Stop Services, then click on Reload Content in CCO box.


9 Known Issues

The following are known issues in CiscoWorks NCM Alert Center, Version 1.3.

CSCsw41840 Acquire CWNCM install root during install time

Description: If the CiscoWorks NCM install root directory was not configured, CiscoWorks NCM Alert Center will not be able to import content policies into CiscoWorks NCM.

Workaround: Make sure the CiscoWorks NCM install root directory is entered along with Cisco.com and CiscoWorks NCM credentials in alert-center-content-cache.conf after installation.


CSCsw41846 Download contents are always retained

Description: Downloaded contents were not deleted after being imported into CiscoWorks NCM when the retain_file option in alert-center-content-cache.conf is set to 0.

Workaround: Manually remove the contents after successfully imported into CiscoWorks NCM. Then contents are either under the default <AlertCenter Install Dir>/cache directory or wherever issued by the user as a parameter download CLI command.


CSCsw44115 Can not abort import command immediately

Description: Import operation was not aborted completely with Ctrl-C keys entered, only a particular importing stream was aborted. The system continued with the following streams on the list.

Workaround: Continue to enter Ctrl-C until the system completes aborting.


CSCsw45063 CLI should be able to take encrypted password

Description: CLI command does not understand the encrypted passwords in alert-center-content-cache.conf, which were previously encrypted. The only option is to use clear text passwords, which can be inadvertently left in the shell command history.

Workaround: There is no workaround. Make sure that the shell history is either turned off before using CiscoWorks NCM Alert Center CLI commands or clear the shell history before logging off.


CSCsx10043 Alert Center 1.3 fails with non-proxy configuration on SUSE 10

Description: CiscoWorks NCM Alert Center running on SUSE Linux 10 fails to connect to the file forum on Cisco.com when all proxy server related configuration fields are not configured (left blank).

Workaround: Use CiscoWorks NCM Alert Center with a proxy server either in non-authenticated or authenticated mode when CiscoWorks NCM Alert Center is installed on a SUSE Linux 10 server.


10 Accessing the CiscoWorks NCM Documentation Set

You can access the entire CiscoWorks Network Compliance Manager documentation set from the following Cisco.com URL:

http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

From here you can navigate to any documentation for CiscoWorks NCM you will need.


Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.



Note All documentation, including this document and any or all of the parts of the CiscoWorks NCM documentation set, might be upgraded over time. Therefore, we recommend you access the CiscoWorks NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html



Note The Docs tab visible from within Network Compliance Manager might not include links to the latest documents.


11 Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

12 Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

4. "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

5. The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

6. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].