[an error occurred while processing this directive]

Support

System Administration

Hierarchical Navigation

 Feedback

Table Of Contents

System Administration and Log Management

System Overview

Permission Manager

Creating New Permissions Groups

Setting Permissions

Applying the Settings

User Manager

Changing admin Password

Adding Users

User Information

Password

Profile

Applying the Settings

Log Viewer

Log Viewer Menus

File

View

Help

Log Viewer Buttons

Import

Export

Search

More Search

Settings

Purge

Refresh

About


System Administration and Log Management


System Overview

Users must have sufficient access rights, or permission levels, to perform any operations on network elements (the devices, such as routers, that make up the network) or system-level resources (such as templates or log messages). In the GUI application developed by Cisco, these access rights are administered through the Permission Manager.

Permissions are granted to user groups, not individual users. Permission groups are created and managed by the SuperUser (login name: admin), using the Permission Manager window. This window is opened when you click on the Permission Manager button in the Main Window. While any user can use this window to review current permissions for the group to which the user belongs, only the SuperUser can create, delete, or modify a permissions group. A user cannot belong to more than one permissions group at a time.


Note   This SuperUser is special to Cisco IP Manager, and should not be confused with the UNIX superuser. The Cisco IP Manager SuperUser is an administrator that has access to all users and elements of the system.


Users are added to the system (as well as removed, and their data managed) in the User Manager window, which opens when you click on the User Manager button in the Main Window. Only the SuperUser can add a user to the system.

Log messages are generated periodically by the various servers that make up the Cisco IP Manager software. These messages are stored in the database; access to them is through the Log Viewer window. To open this window, click on the Log Viewer button in the Main Window.

Permission Manager

Use the Permission Manager window to create and delete permissions groups and grant permission levels for various system resources. To open this window, click on the Permission Manager button on the Main Window.

Figure 7-1 Permission Manager window

Permissions groups are displayed in the pane on the left side of the window. The SuperUser (login: admin) can see all permissions groups; individual users can see only the group to which they belong. Only the SuperUser can make changes to groups.

Initially, no permissions groups appear in this pane. First you create a group, then add users to the group. You create the group with the Permission Manager. You must then separately open the User Manager and create users to add to the group.

Creating New Permissions Groups

Only the SuperUser can add a new permissions group.

Open the Permission Manager window and enter a name for the new permissions group in the New Group field in the pane on the left side of the window.

See the section "Name Restrictions" in Chapter 5, "Managing Network Elements" for limitations on characters in names.

Click the Add button to add the new group to the bottom of the Permissions Group list.

You must add the group before you can add users or define permissions.

Setting Permissions

Select a group from the Permissions Group list in the pane on the left side of the Permission Manager window.

Use the tabs at the top of the pane on the right side of the window to add users and set permissions. Permissions are set per group, not per individual. All members in the group receive the same access rights.

Tabs are:

Group Info—use this tab to enter a description of the group in the Permissions Group Description panel. This panel is for informational purposes only.

User List—use this tab to add users to the group. Select a user name from the New User Name drop-down list and click the Add User button. Repeat until the group has all of the members you want it to contain. A user can belong to only one group. Once the user has been added to a group, that name does not appear on the New User Name list. (Names must be entered in the User Manager before they are available for adding to a Permissions Group. See "User Manager" for information on adding users.)

shows the Permission Manager window with the User List tab selected, and the New User Name drop-down list.

Figure 7-2 Permission Manager window, User List tab

Click the Add User button to add the user to the Member List pane. A dialog box appears to indicate you have successfully added the new user. Highlight a user in the Member List pane and click the Delete User button to remove the user from the list.

System—use this tab to set the following system-wide permissions:

Log—click in a checkbox to grant Delete or Read access to the system log. Delete access is required to perform any operation that could cause a log message to be deleted. Read access is required to view a message.

Archive—click in a checkbox to grant Create, Delete, Read, or Modify access to the Archive Manager. Create access is required to check in a file and create a new version, create and add files to a label, and create a user-defined file type. Delete access is required to purge archived data, delete the latest version, delete a label, and delete a user-defined file type. Read access is required to view data in the archive. Modify access is required to add a file to or remove a file from an existing label.


Note   Archive permission checking is performed if the VCM server is launched with the permission checking flag (-A) on. This is the default launch.


Figure 7-3 Permission Manager window, System tab

Domain Permissions—use this tab to define domains in which members of the permissions group are allowed to create, modify, or delete other domains. Click the Add button and click on a domain in the Permission Manager: Domain Viewer window that opens. A message box asks for confirmation before adding the selected domain to the permissions group. Click the Yes button to add the domain, then click in any combination of the Create, Delete, Read, and Modify checkboxes to grant the permissions you want the group to have for the domain. You can add as many domains as you want. When you grant permission to work on a domain, you also implicitly grant permission to work on any of its subdomains.

In addition, you can grant resource permissions for members of a group to operate on elements and templates. Set the permissions for the following resources:

Element—click on any combination of Create, Delete, Read, Modify, or Operation checkboxes to grant permission to work with elements. (The Operation checkbox refers to upload and download operations.)

Template—click on any combination of Create, Delete, Read, or Modify checkboxes to grant permission to work with templates.

Figure 7-4 Permission Manager window, Domain Permissions tab

Applying the Settings

When you have set permissions, click the Apply button to save the permissions, or the Close button to close the Permission Manager window.

User Manager

Click the User Manager button on the Main Window to open the User Manager window. Use this window to add and remove individual users and modify their user profiles.

Figure 7-5 User Manager window

Changing admin Password

If this is the first time you have used the Cisco IP Manager software, only one entry—admin— appears in the User List at the left side of the window. You should select this entry and change the password. How to do this is explained under "Password."

Adding Users

To add a new user to the database, enter a user name in the New User field and a password in the Password field beneath the User List in the left pane of the window. Enter the password a second time in the Retype Password field, and click the Add button. You must supply a password when you first add a user. You can change that password later, including making it zero-length. The maximum length for a password is 64 characters.


Note   When you enter a password, the User Manager echoes each character as an asterisk, up to a certain limit. Beyond that limit, due to a Java constraint, each character echoes as a space. The User Manager retains all characters that you enter here, however (up to the maximum permissible length).


See the section "Name Restrictions" in Chapter 5, "Managing Network Elements" for limitations on characters in names.

After a user has been added to the database, you can use the tabs in the pane on the right side of the window to provide additional information.

User Information

Use the User Information tab to supply the Full Name and Description about this user. The Permissions Group field is for information only; this information is available if the user has been added to a Permissions Group in the Permission Manager. If not, the field reads "No Group Assigned."

Enter into the Full Name field the full name to associate with the user highlighted in the User List in the left pane of the window. The maximum length for Full Name is 64 characters.

Enter into the Description field a description to associate with the user highlighted in the User List in the left pane of the window. The maximum length for Description is 128 characters.

Password

The SuperUser (login: admin) can modify all data for all users, including passwords.

Individual users can see and modify only their own information.

To change passwords, click on the Password tab.The dialog shown in appears, with the Change Password radio button selected and your data displayed unless you are logged in as admin. (If you are the SuperUser, select a user from the list to see that user's information.)

Figure 7-6 User Manager window: Password tab

Enter the current password in the Old Password field. Enter the new password twice, once in the New Password field and again in the Reenter password field. The maximum length for a password is 64 characters.


Note   When you enter a password, the User Manager echoes each character as an asterisk, up to a certain limit. Beyond that limit, due to a Java constraint, each character echoes as a space. The User Manager retains all characters that you enter here, however (up to the maximum permissible length).


Clicking the Reset Password radio button resets the highlighted user's password to the system default (password). The Reset Password radio button is available only to the SuperUser; it is grayed out for any other user. You must click the Change Password radio button again to make entries in any of the fields.

The password change takes effect whenever you click the Apply or Close button, at which time a confirmation dialog is displayed.

Profile

Use the Profile tab to specify a Router User Name and Router Password. These fields can be up to 120 characters in length. If these two fields are set, this router user name and password will be used at the time of upload or download to log in to the router instead of the CIPM user name and password. Also refer to "VTY Tab" in Chapter 5, "Managing Network Elements."

You can also specify to change the router password by clicking the appropriate checkbox.


Note   When you enter a password, the User Manager echoes each character as an asterisk, up to a certain limit. Beyond that limit, due to a Java constraint, each character echoes as a space. The User Manager retains all characters that you enter here, however (up to the maximum permissible length).


Applying the Settings

When you have added users and modified their properties as you wish, click the Apply button to save the data, or the Close button to close the User Manager window.

Log Viewer

Users with log permissions can view or delete messages generated by the various servers that make up the Cisco IP Manager software, by clicking on the Log Viewer button on the Main Window.

The Log Viewer window opens.

Figure 7-7 Log Viewer window

The Log Viewer window displays all messages currently in the log (up to a maximum of 5000 records) when it opens. To view specific log messages, you can search the database for messages that meet criteria you specify, using the View menu options or the Search buttons.

The default time shown for each message is GMT, but you can also display it in local time.

The window is not refreshed automatically. Messages generated while the window is open are not displayed (nor are messages cleared when you purge the database) until you close and reopen the window, submit a new query, or click the Refresh button or Refresh item under the View menu.

The Log Viewer window contains three menus and eight buttons. The buttons correspond to some of the functions of the menus.

Log Viewer Menus

The Log Viewer window has the following menus:

File

The File menu has the following commands:

Import...

Returns previously exported data to the database. You can use this command to review information that was previously exported and then purged from the database (perhaps as a housekeeping measure). When you click on this menu item, a dialog (Import Log) appears in which you can navigate or directly specify a path or folder name, use a filter, or specify a file name.


Note   You are responsible for avoiding duplication of records. The Log server does not check imported records against those already in the database. If you import records that are already present, the database will contain duplicate records.


Figure 7-8 Log Viewer: Import Log Dialog

Highlight in the Files pane the file to import and click OK. You can change the Filter specification and click Update, and then the Files pane displays only those files that match the filtering criterion. If the file names have changed in the specified directory, use Update to display those files that match the filtering criterion. Navigate to different folders by highlighting the appropriate folder in the Folders pane; ".." specifies the parent folder. Your choice then appears in the Enter path or folder name field.

The Filter field default entry [^.]* is a regular expression that specifies displaying all files except those that begin with a dot, that is, all except hidden files. You can enter wildcard characters to display only the subset of files you wish to see. For example, *.log lists only those files with a .log extension.

When you click OK, a dialog indicating number of records appears while the data is being read. Click Close to close the dialog. The new data appears at the end of the current data displayed in the Log Viewer window.

Figure 7-9 Log Viewer: Import Status dialog

Export...

Writes to a file the data currently displayed in the Log Viewer window. This might not be all the messages in the database if you have not refreshed the window, or if the database contains more than 5000 records. When you click on this menu item, a dialog (Export Log) appears in which you can navigate or directly specify a path or folder name, use a filter, or specify a file name. The controls of the Export Log dialog function the same as those of the Import Log described earlier under "Import..."

If the database contains fewer than 5000 records and no filters are in effect to limit the view, then all records in the database are present in the view. In such case, Export... and Export All produce the same result.

A dialog showing percentage progress and indicating number of records appears while the data is being written.

Click Close to close the dialog, or, before the export ends, Abort to terminate the process.

Export All

Writes to a file all log messages currently in the database. The difference between Export All and Export... is that the latter exports only those records currently displayed in the Log Viewer window. The functionality, including interaction with the Export Log, is the same as described under "Export..."

Log Settings

Sets a limit on how many messages can be stored in the database. When you select this command, the Log Settings window opens.

Figure 7-10 Log Viewer: Log Settings window

Select the Automatically Overwrite Log As Needed button, then enter the number of lines the log can contain (maximum size is 2,147,483,647; the default value is 10,000).

Or, choose the Do Not Overwrite Log (Clear Log Manually) button if you do not want to set a limit.

When you have entered your choices, click the Save button to save your settings, or click Close to dismiss the window without saving your changes.

The Default button resets the limit to 10,000 lines and selects the Automatically Overwrite... button.

The Log Server (LOGServer) automatically removes older messages from the database whenever this limit is reached. However, to enhance performance, the limit is checked only once for every 100 messages generated. So it is possible that the database could be 99 messages over the limit at any given time.

Purge By Date

Purges the database of messages that fall within a specified date range. Enter a start date in the From field, and an ending date in the To field. You must enter these dates in YYYY/MM/DD format. Click Clear to clear the fields of any ranges you might have entered; click Cancel to exit the dialog without performing the operation. Click OK to initiate the purge. A Confirm dialog appears. Click Yes to immediately remove all messages in the specified date range from the database; click No to cancel the operation.


Note   The date range is always interpreted as GMT. To ensure purging the files you want, make sure the dates are displayed as GMT. You do this with the "GMT" command of the View menu.


Purge All

Purges the database of all log messages. When you select the Purge All menu option, a message box asks if you want to save the log messages first. If you click the No button, all messages in the database are purged immediately; click Cancel to cancel the operation. If you click the Yes button, a dialog (Export Log) appears in which you can specify the name of a file to which to save the data in the database. This dialog functions exactly as described earlier under "Export..." When you click OK here, all messages in the database are first saved to the specified file, and then purged from the database.

Check Log Size

Counts the number of messages currently in the database and displays the result in a message box.

Close

Closes the Log Viewer window.

Exit

Closes all open Cisco IP Manager windows and exits the software.

View

The View menu has the following commands:

Search

Lets you specify criteria for messages, in the Search window. This window allows you to specify a range of dates, a specific server, message category, and specific message contents.

Figure 7-11 Log Viewer: Search window

The Server button produces a drop-down list of Cisco IP Manager servers within which to search; the default is (All).

The Source field identifies the location within the server software that caused the log message to be generated.

Use the Message field to specify a string of characters; if that string is contained in a message that also meets the other criteria, the message is displayed in the Log Viewer window.

You can enter data into any combination of these fields; messages meeting your specified criteria are displayed when you click the OK button. (Only the administrator can view messages generated by all users; non-administrator users can view only their own messages.)

Click the Cancel button to dismiss the Search window without generating a log request. Click the Clear button to remove text from all fields in the Search window.

More Search

Lets you specify different criteria for log messages—date range, domain, or network element—in the More Search window.

Figure 7-12 Log Viewer: More Search window

Enter data into any or all of the fields; messages that match the criteria specified are displayed in the Log Viewer window when you click the OK button.

If you enter only a Starting Date, all messages currently stored in the database that have been generated since the beginning of that day are displayed; if you enter only an End Date, all messages currently stored in the database that were generated before the end of the specified date are displayed. The same behavior is true for each of the other fields.

Click the Cancel button to close the window without generating a log request. Click the Clear button to clear text from all of the fields in the window.

Clear

Clears the Log Viewer window of all messages. Use this command before one of the search options if you want to display only those items found by the search option.

GMT

Specifies date display as Greenwich Mean Time. This is the default.

LocalTime

Specifies date display as local time (with respect to the GUI client).

Error Codes

Displays a list of Cisco IP Manager error codes, arranged by server.

Clear

Removes all data from the Log Viewer window. This has no effect on the database.

Refresh

Reads all records currently into the database into the Log Viewer window, up to a maximum of 5000.

Help

The Help menu has the following commands:

Sorting

Displays a message window that explains how to specify sorting order (click in a column header to sort log messages by that column in ascending order; hold the shift key down and click in a column header to sort messages by that column in descending order).

About

Displays information about the Cisco IP Manager software.

Log Viewer Buttons

The Log Viewer window has the following buttons:

Import

The Import button functions exactly the same as the "Import..." menu item of the File menu.

Export

The Export button functions exactly the same as the "Export All" menu item of the File menu.

Search

The Search button functions exactly the same as the "Search" menu item of the View menu.

More Search

The More Search button functions exactly the same as the "More Search" menu item of the View menu.

Settings

The Settings button functions exactly the same as the "Log Settings" menu item of the File menu.

Purge

The Purge button functions exactly the same as the "Purge By Date" menu item of the File menu.

Refresh

The Refresh button functions exactly the same as the "Refresh" menu item of the View menu.

About

The About button functions exactly the same as the "About" menu item of the Help menu.


[an error occurred while processing this directive]