The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
You can configure the system policies for all of Cisco UCS Central, or at the domain group level. To configure system policies at the domain group, see Domain Group System Policies.
UCS Central system policies include the following:
Faults—Allows you to determine when faults are cleared, the flapping interval (the length of time between the fault being raised and the condition being cleared), and the retention interval (the length of time a fault is retained in the system).
Syslog—Allows you to determine the type of log files that you want to collect, and where you want to view them or store.
Core Dump—Uses the Core File Exporter to export core files as they occur.
From the Manage UCS Central System Policies dialog box, you can configure the properties and settings for faults, syslog, and core dump export.
Step 1 | From the System
Settings icon, choose
System
Policies.
This launches the Manage UCS Central System Policies dialog box. |
Step 2 | Click the icon
for the section that you want to configure.
|
Step 3 | Complete the fields as required for each section. |
Step 4 | Click Save. |
Step 1 | In the Task
bar, type
Manage
UCS Central Syslog and press Enter.
This launches the Manage UCS Central Syslog dialog box. |
Step 2 | In
Syslog
Sources, choose
Enabled for each source for which you want to
collect log files.
This can be one of the following: |
Step 3 | In
Local
Destination, specify where the syslog messages can be added and
displayed. This can be one of the following:
|
Step 4 | In
Remote
Destination, specify whether to store the syslog messages in a
primary, secondary, and/or tertiary server.
Specify the following information for each remote destination:
|
Step 5 | Click Save. |
Cisco UCS uses the Core File Exporter to export core files as soon as they occur to a specified location on the network through TFTP. This functionality allows you to export the core file in tar format.
Step 1 | In the Task
bar, type
Manage
UCS Central Core Dump Export and press
Enter.
This launches the Manage UCS Central Core Dump Export dialog box. |
Step 2 | Click Enable to export core files. |
Step 3 | (Optional)Enter a description for the remote server used to store the core file. |
Step 4 | The Frequency, Maximum No. of Files, Remote Copy, and Protocol fields are set by default. |
Step 5 | (Optional) In Absolute Remote Path, enter the path to use when exporting the core file to the remote server. |
Step 6 | In Remote Server Host Name/IP Address, enter a hostname or IP address to connect with via TFTP |
Step 7 | (Optional)In TFTP Port, enter the port number to use when exporting the core file via TFTP. The default port number is 69. |
Step 8 | Click Save. |
The system profile allows you to configure the system information such as the interfaces, date and time, DNS, remote access, trusted points, and certificate information for all of Cisco UCS Central.
To configure the domain group system profile, see Domain Group System Profile.
Step 1 | From the System
Settings icon, choose
System
Profile.
This launches the Manage UCS Central System Profile dialog box. |
Step 2 | In the
UCS
Central section, you can view the
UCS
Central System Name,
Mode, and virtual IPv4 and IPv6 addresses.
These values are populated when you first configure Cisco UCS Central. The system name and mode cannot be modified. |
Step 3 | In Interfaces, review or change the following management nodes: |
Step 4 | In Date & Time, choose the time zone and add an NTP server. |
Step 5 | In DNS, type the Cisco UCS Central domain name and add a DNS server. |
Step 6 | In Remote Access, choose a Key Ring. |
Step 7 | In Trusted Points, click Add to add a new trusted point and certificate chain. |
Step 8 | In Certificates, you can view the existing, or create a new key ring and certificate request. |
Step 9 | Click Save. |
Step 1 | In the Task
bar, type
Manage
UCS Central Management Node and press Enter.
This launches the Manage UCS Central Management Node dialog box. |
Step 2 | In Management Node, click the name of the node you would like to configure. |
Step 3 | Enter values for the IP Address, Subnet Mask, and Default Gateway. |
Step 4 | Click Save. |
Step 1 | In the Task bar, type
Manage UCS Central NTP Servers and press
Enter.
This launches the Manage UCS Central NTP Servers dialog box. |
Step 2 | In Time Zone, select the time zone for the domain. |
Step 3 | In NTP Servers, click Add to add a new NTP server, or Delete to remove an existing one. |
Step 4 | Click Save. |
Step 1 | In the Task bar, type
Manage UCS Central DNS Servers and press
Enter.
This launches the Manage UCS Central DNS Servers dialog box. |
Step 2 | In UCS Central Domain Name, type the name of the Cisco UCS Central domain. |
Step 3 | In DNS Servers, click Add to add a new DNS server, or Delete to remove an existing one. |
Step 4 | Click Save. |
You can configure the system policies at the domain group level, or for all of Cisco UCS Central. To configure system policies for UCS Central, see System Policies.
Domain group system policies include the following:
Equipment—Allows you to set policies for the equipment in your domain group, including discovery and power policies.
Rack Discovery—Allows you to determine what action is taken when a rack-mount server is discovered, and assign a scrub policy.
Fault—Allows you to determine when faults are cleared, the flapping interval (the length of time between the fault being raised and the condition being cleared), and the retention interval (the length of time a fault is retained in the system).
Syslog—Allows you to determine the type of log files that you want to collect, and where you want to view them or store.
Core Dump—Uses the Core File Exporter to export core files as they occur.
Interfaces—Allows you to set criteria for monitoring your domain group interfaces.
System Events—Allows you to set the criteria for domain group system event logs.
Note | If you are setting the system policies for a sub-domain, you need to enable each policy before you can set it. |
Step 1 | Navigate to the root Domain Group page. |
Step 2 | Click the Settings icon and select System Profile. |
Step 3 | In
Equipment, complete the necessary fields.
For more information, see Managing Equipment Policies. |
Step 4 | In
Rack
Discovery, complete the necessary fields.
For more information, see Managing Rack Discovery Policies. |
Step 5 | In
Fault, complete the necessary fields.
For more information, see Managing a UCS Central Fault Policy. |
Step 6 | In
Syslog, complete the necessary fields.
For more information, see Managing UCS Central Syslog. |
Step 7 | In
Core
Dump, complete the necessary fields.
For more information, see Managing UCS Central Core Dump Export. |
Step 8 | In Interfaces, choose whether to enable Interface Monitoring Policy. |
Step 9 | If you select Enabled, complete the interface monitoring information as required. |
Step 10 | In System Events, complete the necessary fields to determine how the system event logs will be collected. |
Step 11 | Click Save. |
The domain group system profile allows you to configure the date and time, DNS settings, remote access, and trusted points for each domain group.
To configure the system profile for Cisco UCS Central, see System Profile.
Step 1 | Navigate to the root Domain Group page. |
Step 2 | Click the Settings icon and select System Profile. |
Step 3 | In Date & Time, choose the time zone and add an NTP server. |
Step 4 | In DNS, type the UCS Central domain name and add a DNS server. |
Step 5 | In Remote Access, type the HTTPS, HTTPS Port, and choose a Key Ring. |
Step 6 | In Trusted Points, click Add to create a trusted point and add a certificate chain. |
Step 7 | Click Save. |
When you make any change to a service profile that is associated with servers in the registered domains, the change may require a server reboot. The maintenance policy determines how Cisco UCS Central reacts to the reboot request.
You can create a maintenance policy and specify the reboot requirements to make sure the server is not automatically rebooted with any changes to the service profiles. You can specify one of the following options for a maintenance policy:
Immediately: Whenever you make a change to the service profile, apply the changes immediately.
User Acknowledgment: Apply the changes after a user with administrative privileges acknowledges the changes in the system.
Schedule: Apply the changes based on the day and time you specify in the schedule.
When you create the maintenance policy if you specify a schedule, the schedule deploys the changes in the first available maintenance window.
Note | A maintenance policy only prevents an immediate server reboot when a configuration change is made to an associated service profile. However, a maintenance policy does not prevent the following actions from taking place right away:
|
To watch a video on creating a maintenance policy and associating it with a service profile, see Video: Creating a Global Maintenance Policy and Associating the Policy with a Service Profile.
Step 1 | In the Task
bar, type
Create
Maintenance Policy and press Enter.
This launches the Create Maintenance Policy dialog box. |
Step 2 | Click Organization and select the location in which you want to create the policy. |
Step 3 | Enter the
Name and optional
Description.
The name is case sensitive. |
Step 4 | Select when to
apply the changes that require a reboot.
This can be one of the following:
|
Step 5 | Choose whether to apply the changes on the next reboot, and ignore the selection in the Apply Changes On field. |
Step 6 | Click Create. |
Note | Simple schedules, whether recurring or a one time occurrence, do not have the option to require user acknowledgment. If you want to require user acknowledgment, you must choose an advanced schedule. |
Step 1 | In the Task bar,
type
Create
Schedule and press Enter.
This launches the Create Schedule dialog box. |
Step 2 | In Basic, enter a Name and optional Description. |
Step 3 | Choose whether
the schedule should be
Recurring,
One
Time, or
Advanced.
If Advanced, choose whether to require user acknowledgment. |
Step 4 | In
Schedule, complete the following:
|
Step 5 | Click Create. |
Cisco UCS Central allows creation of key rings as a third party certificate for stronger authentication. HTTPS uses components of the Public Key Infrastructure (PKI) to establish secure communications between two devices.
Each PKI device holds a pair of asymmetric Rivest-Shamir-Adleman (RSA) encryption keys, one kept private and one made public, stored in an internal key ring. A message encrypted with either key can be decrypted with the other key. To send an encrypted message, the sender encrypts the message with the receiver's public key, and the receiver decrypts the message using its own private key. A sender can also prove its ownership of a public key by encrypting (also called 'signing') a known message with its own private key. If a receiver can successfully decrypt the message using the public key in question, the sender's possession of the corresponding private key is proven. Encryption keys can vary in length, with typical lengths from 2048 bits to 4096 bits. In general, a longer key is more secure than a shorter key. Cisco UCS Central provides a default key ring with an initial 2048-bit key pair, and allows you to create additional key rings.
Note | If you regenerate the default key ring, logging into Cisco UCS Central after the regeneration might take a few minutes. |
The default key ring certificate must be manually regenerated if the cluster name changes or the certificate expires.
Note | When you create a key ring and certificate request, Cisco UCS Central generates the certificate request with required key usages set. The Key usages on certificate signed from a CA server should include SSL Client Authentication, and SSL Server Authentication . If you use Microsoft Windows Enterprise Certification Authority Server as Internal CA, you need to use the Computer template to generate the certificate, which will have both of these key usages set. If this template is not available in your setup, you need to use appropriate template which has both SSL Client Authentication, and SSL Server Authentication key usages set. |
Cisco UCS Central allows you to create a trusted point containing the certificate of the root certificate authority (CA) and a subordinate CA in a bundled format. The root CA must contain a primary and self-signed certificate.
Cisco UCS Central allows you to view fault logs, audit logs, sessions and other events.
Note | If the screen or widget that you are viewing is not current, click the refresh icon to see the latest data. |
Cisco UCS Central collects and displays all the Cisco UCS Central system faults on the Fault Logs page. To view these system fault logs, click the Alerts icon and select System Faults. The Faults Logs page displays information on the type and severity level of the fault, and allow you to monitor and acknowledge the system faults, and filter the faults that are displayed.
The faults table includes the following information for each fault:
Code—The ID associated with the fault
Timestamp—Date and time at which the fault occurred
Type—Origin of the fault
Cause—Cause of the fault
Affected Object—The component that is affected by this fault
Fault Details—The details of the fault.
Severity—The severity of the fault
Action—Any action required by the fault
To manage the information that is collected, see Configuring UCS Central System Policies.
Cisco UCS Central collects and displays faults from registered Cisco UCS domains in the UCS Domain Faults Log page. The faults are displayed by type and severity level. You can click on the fault type to expand and view the exact Cisco UCS domains where the faults have occurred. The UCS domain fault logs are categorized and displayed as follows:
Fault Level—The fault level that triggers the profile. This can be one of the following:
Critical—Critical problems exist with one or more components. These issues should be researched and fixed immediately.
Major—Serious problems exist with one or more components. These issues should be researched and fixed immediately.
Minor—Problems exist with one or more components that might adversely affect the system performance. These issues should be researched and fixed as soon as possible before they become major or critical issues.
Warning—Potential problems exist with one or more components that might adversely affect the system performance if they are allowed to continue. These issues should be researched and fixed as soon as possible before they get worse.
Healthy—No fault in any of the components in a domain.
Unknown—No fault in any of the components in a domain.
No Of Domains—The number of domains where the faults have occurred of each severity level.
Domain—The domain where the faults have occurred. Click a type to see the Cisco UCS domains that have one or more faults of that type and the details of the fault.
Critical—The number of critical faults of the selected type in the Cisco UCS domain.
Major—The number of major faults of the selected type in the Cisco UCS domain.
Minor—The number of minor faults of the selected type in the Cisco UCS domain.
Warning—The number of warning faults of the selected type in the Cisco UCS domain.
This table is displayed only when you select a domain from the UCS Domain Faults page.
Filter—Allows you to filter the data in the table.
ID— The unique identifier associated with the fault.
Timestamp—The day and time at which the fault occurred.
Type— Information about where the fault originated.
Cause— A brief description of what caused the fault.
Affected Object—The component that is affected by this issue.
Fault Details—More information about the log message.
Severity—Displays an icon denoting the fault severity. The icon key appears below the table.
Cisco UCS Central collects and displays the events that occurred in the system, such as when a user logs in or when the system encounters an error. When such events occur, the system records the event and displays it in the Event Logs. To view these event logs, click the Alerts icon from the menu bar, and select Events. The event logs record information on the following:
You can view a comprehensive list of configuration changes in Cisco UCS Central in the Audit Logs. When you perform configuration changes involving creating, editing or deleting tasks in the Cisco UCS Central GUI or the Cisco UCS Central CLI, Cisco UCS Central generates an audit log. In addition to the information related to configuration, the audit logs record information on the following:
Resources that were accessed.
Date and time at which the event occurred.
Unique identifier associated with the log message.
The user who triggered an action to generate the audit log. This can be an internal session or an external user who made a modification using the Cisco UCS Central GUI or the Cisco UCS Central CLI.
The source that triggered the action.
The component that is affected.
If an error occurs that causes the system to crash, then a core dump file is created. This core dump file includes information of the state of the system before the error occurred, and the time at which the system crashed. To view the core dump files, click the Alerts icon on the menu bar and select Core Dumps. In the Core Dumps log table you can view the following information:
You can view active sessions for remote and local users in Cisco UCS Central and choose to terminate those sessions from the server. To view the active sessions, click the Alerts icon on the menu bar and select Sessions. In the Active Sessions log table you can view the following information:
ID—The type of terminal from which the user logged in.
Timestamp—Date and time at which the user logged in.
User—The user name.
Type—The type of terminal from which the user logged in.
Host—The IP address from which the user logged in.
Status—Whether the session is currently active.
Actions—Click Terminate to end the selected session.
Internal service logs provide information on various providers and the version of the Cisco UCS Central associated with the provider. To view the internal services, click the Alerts icon on the menu bar and select Sessions.
In the Services section of the Internal Services page, you can view the following information:
Name—The type of the provider.
Last Poll—Day and time on which Cisco UCS Central last polled the provider.
IP Address—The IP address associated with the provider.
Version—The version of Cisco UCS Central associated with the provider.
Status—The operational state of the provider.
In the Clean Up section of the Internal Services page, you can view the following information:
Domain—The domain name.
Last Poll—Day and time on which Cisco UCS Central last polled the provider.
Lost Visibility—When Cisco UCS Central lost visibility to the provider.
Clean Up—Click Clean Up to remove all references of this Cisco UCS domain from Cisco UCS Central.
Note | The domain must be re-registered with Cisco UCS Central before it can be managed again by Cisco UCS Central. |
1. UCSC # scope monitoring
2. UCSC /monitoring # scope sysdebug
3. UCSC /monitoring/sysdebug # scope mgmt-logging
4. UCSC /monitoring/sysdebug/mgmt-logging # set module tomcat_config [crit | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn]
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC # scope monitoring |
Enters monitoring mode. |
Step 2 | UCSC /monitoring # scope sysdebug |
Enters sysdebug mode. |
Step 3 | UCSC /monitoring/sysdebug # scope mgmt-logging |
Enters management logging mode. |
Step 4 | UCSC /monitoring/sysdebug/mgmt-logging # set module tomcat_config [crit | debug0 | debug1 | debug2 | debug3 | debug4 | info | major | minor | warn] |
Sets the logging level. |
UCSC # scope monitoring UCSC /monitoring # scope sysdebug UCSC /monitoring/sysdebug # scope mgmt-logging UCSC /monitoring/sysdebug/mgmt-logging # set module tomcat_config debug4 UCSC /monitoring/sysdebug/mgmt-logging #
Cisco UCS Central, 1.4 enables you to generate reports on active API communication between the GUI and back-end from the Cisco UCS Central GUI. You can collect these communications for use in third party automation. You can start and stop collecting this report at any time during an active communication.
Step 1 | On the menu bar,
click
Operations icon and select
Start
Logging Session.
Systems starts logging the active API communication between the Cisco UCS Central GUI and the back-end. |
Step 2 | On the menu bar,
click
Operations icon and select
Stop
Logging Session.
A pop-up dialog box displays the option to Open or Save the API report text file. |
Step 3 | Select your choice and click OK to open or save the file. |