Cisco Prime Infrastructure 2.2 Administrator Guide

Specifying Alarm Clean Up and Display Options

The Administration > System Settings > Alarms and Events page enables you to specify when to delete alarms and how to set display and email options for alarms.

Step 1 Choose Administration > System Settings .

Step 2 From the left sidebar menu, choose Alarms and Events . The Administration > System Settings > Alarms and Events page appears.

Step 3 Modify the Alarm and Event Cleanup Options:

• Delete active and cleared alarms after—Enter the number of days after which active and cleared alarms are deleted. You can disable this option by unselecting the check box.
• Delete cleared security alarms after—Enter the number of days after which Security, Rogue AP, and Adhoc Rogue alarms are deleted.
• Delete cleared non-security alarms after—Enter the number of days after which non-security alarms are deleted. Non-security alarms include all alarms that do not fall under the Security, Rogue AP, or Adhoc Rogue categories.
• Delete all events after—Enter the number of days after which all the events are deleted. If you want this deletion task to be performed first, set its value smaller than all the other Alarm and Events Cleanup Options.

Note Cisco Prime Infrastructure deletes old alarms nightly, as part of normal data cleanup tasks, and checks the storage size of the database alarm table once an hour. When the alarm table exceeds the 300,000 limit, Prime Infrastructure deletes the oldest cleared alarms until the alarm table size is within the limit. If you want to keep cleared alarms for more than seven days, then you can specify a value more than seven days in the Delete cleared non-security alarms after text box, until the alarm table size reaches the limit.

Step 4 In the Syslog Cleanup Options area, in the Delete all syslogs after text box, enter the number of days after which all aged syslogs are to be deleted.

Step 5 Modify the Alarm Display Options as needed:

• Hide acknowledged alarms—When the check box is selected, Acknowledged alarms do not appear in the Alarm Summary page. This option is enabled by default. Emails are not generated for acknowledged alarms, regardless of severity change.
• Hide assigned alarms—When the check box is selected, assigned alarms do not appear in the Alarm Summary page.
• Hide cleared alarms—When the check box is selected, cleared alarms do not appear in the Alarm Summary page. This option is enabled by default.
• Add controller name to alarm messages—Select the check box to add the name of the controller to alarm messages.
• Add Prime Infrastructure address to email notifications—Select the check box to add the Prime Infrastructure address to email notifications.

Note Changes in these options affect the Alarm Summary page only. Quick searches for alarms for any entity will display all alarms for that entity, regardless of alarm state.

Step 6 Modify the Alarm Email Options:

• Include alarm severity in the email subject line—Select the check box to include alarm severity in the email subject line. This option is enabled by default.
• Include alarm Category in the email subject line—Select the check box to include alarm category in the email subject line. This option is enabled by default.
• Include prior alarm severity in the email subject line—Select the check box to include prior alarm severity in the email subject line.
• Include custom text in the email subject line—Select the check box to add custom text in the email subject line. You can also replace the email subject line with custom text by selecting the Replace the email subject line with custom text check box.
• Include custom text in body of email—Select the check box to add custom text in the body of email.
• Include alarm condition in body of email—Select the check box to include alarm condition in the body of email.
• Add link to Alarm detail page in body of email—Select the check box to add a link to the Alarm detail page in the body of email.
• Enable Secure Message Mode—Select the check box to enable a secure message mode. If you select the Mask IP Address and Mask Controller Name check boxes, the alarm emails are sent in secure mode where all the IP addresses and controller names are masked.

Step 7 Modify the Alarm Other Settings:

• Controller license count threshold—Enter the minimum number of available controller licenses you want to maintain. An alarm is triggered if the number of available controller licenses falls below this threshold.
• Controller access point count threshold—Enter the maximum number of available controller access points you want to maintain. An alarm is triggered if the number of available access points exceeds this threshold limit.

Step 8 Click Save .

Changing Alarm Severities

You can change the severity level for newly generated alarms. Existing alarms remain unchanged.

Step 1 Choose Administration > System Settings > Severity Configuration.

Step 2 Select the check box of the alarm condition whose severity level you want to change.

Step 3 From the Configure Severity Level drop-down list, choose the new severity level: Critical , Major , Minor , Warning , Informational , or Reset to Default .

Step 4 Click Go, then click OK.

Setting Up Auditing Configurations

The Administration > System Settings > Audit page allows you to determine the type of audit and on which parameters the audit is performed.

• Choosing the Type of Audit—Choose between basic auditing and template based auditing.
• Selecting Parameters on Which to Audit—Choose to audit on all parameters or on selected parameters for a global audit.

Choosing the Type of Audit

The audit mode area allows you to choose between basic auditing and template based auditing. Basic audit is selected by default.

• Basic Audit—Audits the configuration objects in the Prime Infrastructure database against current Cisco Wireless LAN Controller device values.

Configuration objects refer to the device configuration stored in Prime Infrastructure database.

• Template-based Audit—Audits on the applied templates, config group templates (which have been selected for the background audit), and configuration audits (for which corresponding templates do not exist) against current Controller device values.

Step 1 Choose Administration > System Settings .

Step 2 From the left sidebar menu, choose Audit . The Audit page appears.

Step 3 Choose Basic Audit or Template Based Audit :

• A basic audit audits the device configuration in Prime Infrastructure database against the current Controller configuration.
• A template-based audit audits the applied templates, config group templates, and configuration objects (for which corresponding templates do not exist) against current Controller configuration.

Step 4 Choose if you want the audit to run on all parameters or only on selected parameters. If you select the Selected Parameters radio button, you can access the Configure Audit Parameters configuration page (see Enabling Change Audit Notifications).

The selected audit parameters are used during network and controller audits.

Step 5 Click Save .

These settings are in effect when the controller audit or network audit is performed.

Selecting Parameters on Which to Audit

The Audit On area allows you to audit on all parameters or to select specific parameters for an audit. When the Selected Parameters radio button is selected, you can access the Select Audit Parameters configuration page. The selected audit parameters are used during network and controller audits.

Step 1 Choose Administration > System Settings.

Step 2 From the left sidebar menu, choose Audit.

Step 3 Select the Selected Parameters radio button to display the Select Audit Parameters link, then click Save .

Step 4 Click Select Audit Parameters to choose the required parameters for the audit in the Administration > System Settings > Audit > Select Audit Parameters page.

Step 5 Enter the required information, then click Submit. The selected audit parameters are displayed on the Selected Attributes tab.

To access a current Controller Audit Report from the Configure > Controllers page, select an object from the Audit Status column.

To audit a controller, choose Select a command >Audit Now in the Configure > Controllers page, or click Audit Now directly from the Controller Audit report.

Enabling Change Audit Notifications

Prime Infrastructure can send notifications to a Java Message Server (JMS) whenever there are changes in inventory or configuration parameters that are part of an audit you have defined.

By default, JMS notification of audit changes is disabled. To enable this feature in Prime Infrastructure, you must select the Enable Change Audit Notification check box. Prime Infrastructure sends all change audit notifications in XML format to the topic ChangeAudit.All . You must be subscribed to ChangeAudit.All to receive the notifications.

Step 1 Choose Administration > System Settings > Change Audit Notification .

Step 2 Select the Enable Change Audit Notification check box to enable notifications.

Step 3 Click Save .

In addition to sending JMS notifications, Prime Infrastructure also sends Syslog messages to notify the Add/Delete/Edit/Create events that take place in the following features:

• Device management
• Device community and credential changes
• User management
• Configuration templates management
• Monitoring templates management
• Job management
• Login/logout
• Image distribution
• Configuration changes
• Inventory changes

To configure Syslog message notification settings, follow these steps:

Step 1 Choose Administration > System settings > Change Audit Notification.

Step 2 Enter the IP Address and TCP Port Number in the Syslog Receiver pane.

Step 3 Click Save .

Step 4 Click the Edit or Delete buttons, if you want to change or delete the Syslog message notification settings.

Note If you have configured syslog message notification settings but are still not receiving syslogs, you may need to change the anti-virus or firewall settings on the destination syslog receiver to permit reception of syslog messages.

Enabling SNMP Tracing

You can enable SNMP tracing to access more detailed information about the packets sent and received through SNMP. The SNMP tracing settings you specify are stored and used by the Prime Infrastructure SNMP server. To enable SNMP tracing, follow these steps.

Step 1 Choose Administration > Logging > SNMP Logging Options .

Step 2 Select the Enable SNMP Trace check box to enable sending SNMP messages and traps between controllers and Prime Infrastructure, then select the Display Values check box to see the SNMP message values.

Step 3 Configure the IP addresses on which to trace the SNMP traps. You can add up to 10 IP addresses in the text box.

Step 4 You can configure the maximum SNMP log file size and the maximum number of SNMP log files to retain.

Step 5 Click Save .

Changing Syslog Logging Options

Step 1 Choose Administration > Logging > Syslog Logging Options .

Step 2 Select the Enable Syslog check box to enable collecting and processing of system logs.

Step 3 In Syslog Host , enter the IP address of the interface from which the message is to be transmitted.

Step 4 Choose the Syslog Facility. You can choose any of the eight local use facilities for sending syslog messages. The local use facilities are not reserved and are available for general use.

Step 5 Click Save .

Changing Logging Options to Enhance Troubleshooting

You can change the amount of troubleshooting data Prime Infrastructure collects to help you debug an issue. For easily reproduced issues, follow these steps prior to contacting TAC.

Step 1 In Converged view, choose Administration > Logging .

Step 2 From the Message Level drop-down list, choose Trace .

Step 3 Select each check box to enable all log modules.

Step 4 Reproduce the current problem.

Step 5 Return to the Logging Options page and click Download from the Download Log File section.

The logs.zip filename includes a prefix with the hostname, date, and time so that you can easily identify the stored log file. An HTML file that documents the log files is included in the ZIP file.

Step 6 After you have retrieved the logs, choose Information from the Message Level drop-down list.

Changing Mobility Service Engine Logging Options

You can use Prime Infrastructure to specify the Mobility Services Engine logging level and types of messages to log.

Step 1 In Classic view: Choose Design > Mobility Services > Mobility Services Engines , then select the name of the mobility services engine that you want to configure.

Step 2 Choose System > Logs , then choose the appropriate options from the Logging Level drop-down list.

There are four logging options: Off, Error , Information , and Trace . All log records with a log level of Error or preceding are logged to a new error log file locserver-error-%u-%g.log. This is an additional log file maintained along with the location server locserver-%u-%g.log log file. The error log file consists of logs of Error level along with their context information. The contextual information consists of 25 log records prior to the error. You can maintain up to 10 error log files. The maximum size allowed for each log file is 10 MB.

Step 3 Select the Enable check box next to each element listed in that section to begin logging its events.

Step 4 Select the Enable check box in the Advanced Parameters dialog box to enable advanced debugging. By default, this option is disabled.

Step 5 To download log files from the server, click Download Logs . See Downloading Mobility Services Engine Log Files for more information.

Step 6 In the Log File Parameters area, enter the following:

• The number of log files to be maintained in the mobility services engine. You can maintain a minimum of 5 log files and a maximum of 20 log files in the mobility services engine.
• The maximum log file size in MB. The minimum log file size is 10 MB and the maximum is 50 MB.

Step 7 In the MAC Address Based Logging Parameters area, do the following:

• Select the Enable check box to enable MAC address logging. By default, this option is disabled.
• Add one or more MAC addresses for which you want to enable logging. You can also remove MAC addresses that you have already added by choosing the MAC address from the list and clicking Remove (see MAC Address-Based Logging).

Step 8 Click Save to apply your changes.

MAC Address-Based Logging

This feature allows you to create log files that are specific to an entity whose MAC address is specified. The log files are created in the locserver directory under the following path:

/opt/mse/logs/locserver

A maximum of five MAC addresses can be logged at a time. The log file format for MAC address aa:bb:cc:dd:ee:ff is:

macaddress-debug-aa-bb-cc-dd-ee-ff.log

You can create a maximum of two log files for a MAC address. The two log files might consist of one main and one backup or rollover log file.

The minimum size of a MAC log file is 10 MB. The maximum size allowed is 20 MB per MAC address. The MAC log files that are not updated for more than 24 hours are pruned.

Downloading Mobility Services Engine Log Files

If you need to analyze mobility services engine log files, you can use Prime Infrastructure to download them to your system. Prime Infrastructure downloads a zip file containing the log files.

To download a zip file containing the log files:

Step 1 In Classic view: Choose Design > Mobility Services > Mobility Services Engines .

Step 2 Select the name of the mobility services engine to view its status.

Step 3 From the left sidebar menu, choose System > Logs .

Step 4 In the Download Logs area, click Download Logs .

Step 5 Follow the instructions in the File Download dialog box to open the file or save the zip file to your system.