Cisco Prime Infrastructure 2.0 Administrator Guide

Specifying Alarm Clean Up and Display Options

The Administration > System Settings > Alarms and Events page enables you to specify when to delete alarms and how to set display and email options for alarms.

Step 1 Choose Administration > System Settings.

Step 2 From the left sidebar menu, choose Alarms and Events. The Administration > System Settings > Alarms and Events page appears.

Step 3 Modify the Alarm and Event Cleanup Options:

• Delete active and cleared alarms after—Enter the number of days after which active and cleared alarms are deleted. You can disable this option by unselecting the check box.
• Delete cleared security alarms after—Enter the number of days after which Security, Rogue AP, and Adhoc Rogue alarms are deleted.
• Delete cleared non-security alarms after—Enter the number of days after which non-security alarms are deleted. Non-security alarms include all alarms that do not fall under the Security, Rogue AP, or Adhoc Rogue categories.
• Delete all events after—Enter the number of days after which all the events are deleted. If you want this deletion task to be performed first, set its value smaller than all the other Alarm and Events Cleanup Options.

Note Prime Infrastructure deletes old alarms nightly, as part of normal data cleanup tasks, and checks the alarm table size once an hour. When the alarm table size exceeds 300K, Prime Infrastructure deletes the oldest cleared alarms until the alarm table size is within 300K. If you want to keep cleared alarms for more than seven days, then you can specify a value more than seven days in the Delete cleared non-security alarms after text box, until the alarm table size reaches 300K.

Step 4 Under Syslog Cleanup Options, in the Delete all syslogs after field, enter the number of days after which all syslogs are deleted.

Step 5 Modify the Alarm Display Options:

• Hide acknowledged alarms—When the check box is selected, Acknowledged alarms do not appear on the Alarm Summary page. This option is enabled by default. Emails are not generated for acknowledged alarms, regardless of severity change.
• Hide assigned alarms—When the check box is selected, assigned alarms do not appear in the Alarm Summary page.
• Hide cleared alarms—When the check box is selected, cleared alarms do not appear in the Alarm Summary page. This option is enabled by default.
• Add controller name to alarm messages—Select the check box to add the name of the controller to alarm messages.
• Add Prime Infrastructure address to email notifications—Select the check box to add Prime Infrastructure address to email notifications.

Note Changes in these options affect the Alarm Summary page only. Quick searches for alarms for any entity will display all alarms for that entity, regardless of alarm state.

Step 6 Modify the Alarm Email Options:

• Include alarm severity in the email subject line—Select the check box to include alarm severity in the email subject line. This option is enabled by default.
• Include alarm Category in the email subject line—Select the check box to include alarm category in the email subject line. This option is enabled by default.
• Include prior alarm severity in the email subject line—Select the check box to include prior alarm severity in the email subject line.
• Include custom text in the email subject line—Select the check box to add custom text in the email subject line. You can also replace the email subject line with custom text by selecting the Replace the email subject line with custom text check box.
• Include custom text in body of email—Select the check box to add custom text in the body of email.
• Include alarm condition in body of email—Select the check box to include alarm condition in the body of email.
• Add link to Alarm detail page in body of email—Select the check box to add a link to the Alarm detail page in the body of email.
• Enable Secure Message Mode—Select the check box to enable a secure message mode. If you select the Mask IP Address and Mask Controller Name check boxes, the alarm emails are sent in secure mode where all the IP addresses and controller names are masked.

Step 7 Modify the Alarm Other Settings:

• Controller license count threshold—Enter the minimum number of available controller licenses you want to maintain. An alarm is triggered if the number of available controller licenses falls below this threshold.
• Controller access point count threshold—Enter the maximum number of available controller access points you want to maintain. An alarm is triggered if the number of available access points exceeds this threshold limit.

Step 8 Click Save.

Changing Alarm Severities

You can change the severity level for newly generated alarms.

Note Existing alarms remain unchanged.

To change the severity level of newly generated alarms:

Step 1 Choose Administration > System Settings.

Step 2 Choose Severity Configuration from the left sidebar menu.

Step 3 Select the check box of the alarm condition whose severity level you want to change.

Step 4 From the Configure Severity Level drop-down list, choose the new severity level (Critical, Major, Minor, Warning, Informational, or Reset to Default).

Step 5 Click Go, then click OK.

Setting Up Auditing Configurations

The Administration > System Settings > Audit page allows you to determine the type of audit and on which parameters the audit is performed.

• Choosing the Type of Audit—Choose between basic auditing and template based auditing.
• Selecting Parameters on Which to Audit—Choose to audit on all parameters or on selected parameters for a global audit.

Choosing the Type of Audit

The audit mode group box allows you to choose between basic auditing and template based auditing. Basic audit is selected by default.

• Basic Audit—Audits the configuration objects in Prime Infrastructure database against current WLC device values. Prior to the 5.1.0.0 version of Prime Infrastructure, this was the only audit mode available.

Note Configuration objects refer to the device configuration stored in Prime Infrastructure database.

• Template-based Audit—Audits on the applied templates, config group templates (which have been selected for the background audit), and configuration audits (for which corresponding templates do not exist) against current Controller device values.

Step 1 Choose Administration > System Settings.

Step 2 From the left sidebar menu, choose Audit. The Audit page appears.

Step 3 Choose Basic Audit or Template Based Audit :

• A basic audit audits the device configuration in Prime Infrastructure database against the current Controller configuration.
• A template-based audit audits the applied templates, config group templates, and configuration objects (for which corresponding templates do not exist) against current Controller configuration.

Step 4 Choose if you want the audit to run on all parameters or only on selected parameters. If you select the Selected Parameters radio button, you can access the Configure Audit Parameters configuration page. (See the “Enabling Change Audit Notifications” section).

The selected audit parameters are used during network and controller audits.

Step 5 Click Save.

These settings are in effect when the controller audit or network audit is performed.

Selecting Parameters on Which to Audit

The Audit On group box allows you to audit on all parameters or to select specific parameters for an audit. When the Selected Parameters radio button is selected, you can access the Select Audit Parameters configuration page. The selected audit parameters are used during network and controller audits.

To configure the audit parameters for a global audit:

Step 1 Choose Administration > System Settings.

Step 2 From the left sidebar menu, choose Audit.

Step 3 Select the Selected Parameters radio button to display the Select Audit Parameters link, then click Save.

Step 4 Click Select Audit Parameters to choose the required parameters for the audit in the Administration > System Settings > Audit > Select Audit Parameters page.

Step 5 Enter the required information, then click Submit. The selected audit parameters are displayed on the Selected Attributes tab.

To access a current Controller Audit Report from the Configure > Controllers page, select an object from the Audit Status column.

To audit a controller, choose Audit Now from the Select a command drop-down list in the Configure > Controllers page, or click Audit Now directly from the Controller Audit report.

Deleting Syslogs from Audit Records

You should periodically delete (purge) audit records so that you don not have obsolete records taking up space on the server. The Administration > System Settings > Audit Log Purge Settings page allows you to purge the syslogs and send the purged logs either to trash or to a remote directory.

To configure the purge settings for syslogs:

Step 1 Choose Administration > System Settings.

Step 2 From the left sidebar menu, choose Audit Log Purge Settings.

Step 3 In the Keep logs younger than days text box, enter the number of days to define the log purge settings. The logs that are older than the days specified are purged.

Step 4 Choose either of the following options to clear the purged logs, then click Save.

• Send To Trash —The purged logs are sent to trash.
• Remote Directory —The purged logs are sent to the path specified in the Remote Directory text box.

Enabling Change Audit Notifications

Prime Infrastructure can send notifications to a Java Message Server (JMS) whenever there are changes in inventory or configuration parameters that are part of an audit you have defined.

By default, JMS notification of audit changes is disabled. To enable this feature in Prime Infrastructure, you must check the Enable Change Audit JMS Notification check box. Prime Infrastructure sends all change audit notifications in XML format to the topic ChangeAudit.All. You must be subscribed to ChangeAudit.All to receive the notifications.

Step 1 Choose Administration > System Settings.

Step 2 From the left sidebar menu, choose Change Audit Notification. The Change Audit Notification Settings page appears.

Step 3 Select the Enable Change Audit JMS Notification check box to enable notifications, then click Save.

Enabling SNMP Tracing

You can enable SNMP tracing to access more detailed information about the packets sent and received through SNMP. The SNMP tracing settings you specify are stored and used by the Prime Infrastructure SNMP server. To enable SNMP tracing, follow these steps.

Note When you upgrade from WCS Release 7.x to Prime Infrastructure Release 2.0, the settings under Administration > Logging Options > SNMP Logging Options are not retained.

Step 1 Choose Administration > Logging. The Logging Options page appears.

Step 2 Choose the SNMP Logging Options from the left sidebar menu.

Step 3 Select the Enable SNMP Trace check box to enable sending SNMP messages (along with traps) between controllers and Prime Infrastructure, then select the Display Values check box to see the SNMP message values.

Step 4 Configure the IP address or IP addresses to trace the SNMP traps. You can add up to a maximum of 10 IP addresses in the text box.

Step 5 You can configure the maximum SNMP file size and the number of SNMP files.

Changing Syslog Logging Options

Syslog option allows you to enable the sending of syslog messages relating to the internal operation of Prime Infrastructure, to a third party syslog server. It does not enable the relaying of syslog messages received from network devices, to a third party syslog server.

Step 1 Choose Administration > Logging, then click Syslog Logging Options.

Step 2 Select the Enable Syslog check box to enable sending of Prime Infrastructure system log messages.

Step 3 Configure the IP address of Syslog Server to which the system log message have to be sent.

Step 4 Choose the Syslog Facility. You can choose any of the eight local use facilities for sending syslog messages. The local use facilities are not reserved and are available for general use.

Step 5 Click Save.

Changing Logging Options to Enhance Troubleshooting

You can change the amount of data Prime Infrastructure collects to debug an issue. For easily reproduced issues, follow these steps prior to contacting TAC.

To change the amount of troubleshooting data to collect:

Step 1 In Lifecycle view: Choose Administration > Logging.

Step 2 From the Message Level drop-down list, choose Trace.

Step 3 Click each check box to enable all log modules.

Step 4 Reproduce the current problem.

Step 5 Return to the Logging Options page and click Download from the Download Log File section.

The logs.zip filename includes a prefix with the hostname, date, and time so that you can easily identify the stored log file. An HTML file that documents the log files is included in the ZIP file.

Step 6 After you have retrieved the logs, choose Information from the Message Level drop-down list.

Caution Leaving the Message Level at Trace can adversely affect performance over a long period of time.

---

Changing Mobility Service Engine Logging Options

You can use Prime Infrastructure to specify the Mobility Services Engine logging level and types of messages to log.

Step 1 In Classic view: Choose Design > Mobility Services > Mobility Services Engines, then select the name of the mobility services engine that you want to configure.

Step 2 Choose System > Logs, then choose the appropriate options from the Logging Level drop-down list.

There are four logging options: Off, Error, Information, and Trace. All log records with a log level of Error or preceding are logged to a new error log file locserver-error-%u-%g.log. This is an additional log file maintained along with the location server locserver-%u-%g.log log file. The error log file consists of logs of Error level along with their context information. The contextual information consists of 25 log records prior to the error. You can maintain up to 10 error log files. The maximum size allowed for each log file is 10 MB.

Caution Use Error and Trace only when directed to do so by Cisco TAC personnel.

---

Step 3 Select the Enable check box next to each element listed in that section to begin logging its events.

Step 4 Select the Enable check box in the Advanced Parameters dialog box to enable advanced debugging. By default, this option is disabled.

Step 5 To download log files from the server, click Download Logs. See the “Downloading Mobility Services Engine Log Files” section for more information.

Step 6 In the Log File Parameters group box, enter the following:

• The number of log files to be maintained in the mobility services engine. You can maintain a minimum of 5 log files and a maximum of 20 log files in the mobility services engine.
• The maximum log file size in MB. The minimum log file size is 10 MB and the maximum is 50 MB.

Step 7 In the MAC Address Based Logging Parameters group box, do the following:

• Select the Enable check box to enable MAC address logging. By default, this option is disabled.
• Add one or more MAC addresses for which you want to enable logging. You can also remove MAC addresses that you have already added by selecting the MAC address from the list and clicking Remove. See the “MAC Address-Based Logging” section for more information on MAC address-based logging.

Step 8 Click Save to apply your changes.

MAC Address-Based Logging

This feature allows you to create log files that are specific to an entity whose MAC address is specified. The log files are created in the locserver directory under the following path:

/opt/mse/logs/locserver

A maximum of five MAC addresses can be logged at a time. The log file format for MAC address aa:bb:cc:dd:ee:ff is:

macaddress-debug-aa-bb-cc-dd-ee-ff.log

You can create a maximum of two log files for a MAC address. The two log files might consist of one main and one backup or rollover log file.

The minimum size of a MAC log file is 10 MB. The maximum size allowed is 20 MB per MAC address. The MAC log files that are not updated for more than 24 hours are pruned.

Downloading Mobility Services Engine Log Files

If you need to analyze mobility services engine log files, you can use Prime Infrastructure to download them to your system. Prime Infrastructure downloads a zip file containing the log files.

To download a zip file containing the log files:

Step 1 In Classic view: Choose Design > Mobility Services > Mobility Services Engines.

Step 2 Select the name of the mobility services engine to view its status.

Step 3 Choose System > Logs from the left sidebar menu.

Step 4 In the Download Logs group box, click Download Logs.

Step 5 Follow the instructions in the File Download dialog box to open the file or save the zip file to your system.