Event Record Audit Logs faults in ACI

Based on object status or changes, the Cisco APIC generates the following objects for logging purpose:

Faults: for issues in the fabric (such as an issue in configuration or a fan failure on a node)
Events: for events in the fabric (similar to `show logging log` in standalone NX-OS)
Audit Logs: for configuration changes in the fabric (similar to `show accounting log` in standalone NX-OS)

These logging objects are created against a certain object (could be a configuration object or an object representing a hardware component, and so on).

These logging objects can also be exported to the existing network monitoring system in a respective format such as syslog, SNMP trap, Cisco Call Home message.

On top of these three logging objects, the Cisco APIC can also display an error message in the GUI and the CLI to prevent some of the unsupported operations or to display a warning.

Faults in Cisco ACI

Whenever you are performing a configuration, please always check the fault to ensure that ACI fabric does not detect any mis- or bad configuration. Faults are a very powerful tool to make sure that the configuration is correct.

On top of the configurations, it’s also raised against any abnormality in the fabric such as hardware failure, APIC clustering issues and so on. Hence, monitoring of faults is the primary key to use and operate ACI.

Faults have two types (class) of objects:

fault:Inst: When a fault condition is met on an object, a faultInst object is created under the object that experienced the fault condition.
fault:Delegate: Many objects are used internally by the system and are not presented conspicuously in the APIC GUI. To improve the visibility of a fault that might otherwise go unnoticed, for some faults a corresponding faultDelegate object is created and attached to an object that has higher visibility in the APIC. A fault delegate object is an identical copy of the original faultInst object.

The following example shows how to use APIC GUI to find out information about a fault that was raised. If you navigate to System > Faults, you can see a list of all the faults in the system. If you double-click on one of them, you can see the Fault properties. You can see in the following screen capture that Power supply on Node-1 has failed. To see the explanation about the fault and the recommended action to remediate that fault click the Troubleshooting tab. As seen in the following example, the recommended action is to replace the power supply unit that is failed. You can also see the audit log for the specific time before the fault.

To view a summary of fault statistics for the overall system, login to the APIC GUI and click System in the menu bar, followed by the Faults in the submenu bar. In addition, you can observe the fault counts by domain and fault counts by type (grouped by severity levels) by clicking on the Dashboard.

You can acknowledge faults, so you can quickly distinguish between faults that are new and faults that you have already seen. When you acknowledge a fault in the retaining state, the fault will be deleted immediately (without waiting for expiration or retention timer). However, acknowledging a fault in any other state has no effect other than setting the property ACK to yes.

Events and Audit Logs

An event is a specific condition that occurs at a certain point in time (for example, “link went from down to up”), which might be of interest to the user.

The following are the objects for events and audit logs:

eventRecord: an object for events
aaaModLR: an object for configuration changes (audit logs)
aaaSessionLR: an object for logins and logouts (audit logs)

An event MO such as eventRecord or aaaModLR is deleted by the rotation of the event log (its maximum value is specified in the retention policy), as newer events are added, and log space is needed.

Comment

You are will be the first.

Please login here to comment.

EMAIL SUPPORT

LOCATION

Event Record Audit Logs faults in ACI