downloads advanced host intrusion prevention with csa part 8 doc


Document information

218 Chapter 11: Troubleshooting Methodology

[...]... the csalog.txt file on the MC in the CSAMC45 directory in the CiscoWorks VMS installation path, as shown in Examples 11-1 and 11-2 that follow.

Example 11-1 License Errors in csalog.txt on the CSA MC

    [2005-08-20 00:03:40.046] [PID=4816] [webagent]: Agent Req 'Registration' Failure(2035), ip=192.168.100.114, huid={A5EFBC01-4588-4744-8835-F9DD5D884A71}
    [2005-08-20...

    ... 00:03:50.453] [PID=4816] [webagent]: No such feature exists Feature: desktopagent Feature: desktopagent License path: C:\PROGRA~1\CSCOpx\CSAMC45\cfg\CSAMC.lic

Example 11-2 Corresponding Error in the Remote Agent Log

    [2005-08-20 00:03:40.390] [PID=396] [Csamanager]: Registration failed without message Error code=2035
    [2005-08-20 00:03:40.390] [PID=396] [Csamanager]: Registering with server csamc45, Failure...

... active hosts, except that it initially focuses on the rule most triggered rather than the hosts.

  • Host Host Name—View Related Events—When viewing a Host configuration page, you can immediately view the events in the database from this specific host by clicking on View related events from the Quick links section of the Host configuration page, as displayed in Figure 10-12.

Figure 10-12 View Related Events Host...

... CSA MC

NOTE Remember that the CSA MC automatically deletes hosts that have not polled for 30 days from the database. This should keep the count of used and available licenses from becoming too stale. Recall that when a host is deleted from the database, the license is available again for the next registering host. Also, all events from the deleted host are deleted along with any other record of that host...
csaadapt must be executed as a privileged account, such as root. As shown in Figure 11-3, running csaadapt without any parameters returns a list of valid parameters.

Figure 11-3 csaadapt Parameters

All the tools mentioned at this point in the chapter run either from the CSA MC or the agent host. Some of the tools used to troubleshoot CSA problems are the same tools that are used for resolving issues with...

... range from Information to Critical

— Host You can enter the name of a host directly into this field to display only events from this host, or if desired, you can click the change link to open a dialog window complete with drop-down boxes that enable you to select the host from a list or select a group if desired. Leaving this field blank or unconfigured defines all hosts as the matching criteria for this...

... you require

CHAPTER 11 Troubleshooting Methodology

As with any technology, problems will arise during a Cisco Security Agent (CSA) deployment. Knowing what tools are available and how to use them to troubleshoot problems with CSA helps immensely. At the end of this chapter, you will also understand common problems with the systems and services that CSA relies on, such as Domain Name System (DNS) and SQL...

... the CSagent service started correctly by filtering the Windows system log with a source of Service Control Manager. It might also be wise to check that the service is set to start automatically. Look at the Windows application log to see what events CSA might have logged. Most events logged to the CSA MC are also sent to the local system's application log. These events show up in the application log with CSagent...
Agent Troubleshooting Tools

There are several tools, utilities, and log files that are useful for troubleshooting problems with CSA. CSA installs several utilities and creates log files recording information useful for determining what took place. The following sections describe other useful tools included with the operating system and Microsoft SQL Server.

CSA...

... agents

Licensing

Often the most basic problems with CSA result from licensing issues, mainly the shortage of available licenses. Fortunately, these are easy to diagnose and fix. Make sure that there are unused licenses available for the machine type that tries to register with CSA by going to the License Information option under the Maintenance heading in the CSA MC. This screen shows the license files installed...

... filtering of logs

CSA MC Event Database

The CSA MC stores all events collected from the CSA in a database format. By default, if you install the CSA MC software on a single server, the CSA MC installation. If the host is from another time zone than the CSA MC, there is an adjustment made to account for the time difference and it is stamped in the database with the time associated with the CSA MC.

... triggered rather than the hosts.

  • Host Host Name—View Related Events—When viewing a Host configuration page, you can immediately view the events in the database from this specific host by clicking on

Date posted: 14/08/2014, 18:21

Table of contents

  • Part V Monitoring and Troubleshooting
