Cisco Systems Servers User Manual

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Appendix H: Cisco Secure ACS Internal Architecture
CSMon
immediate warning of "brute force" attacks by alerting the administrator to a large 
number of accounts becoming disabled. In addition, it helps a support help 
desk anticipate problems with individual users gaining access.
Recording
CSMon records all exception events in logs that you can use to diagnose 
problems. CSMon puts the logs in two places, sends notification(s), and responds:

• CSMon Log—Like the other Cisco Secure ACS components, CSMon 
  maintains a CSV log of its own for diagnostic and error logging. Because this 
  logging consumes relatively small amounts of resources, CSMon logging 
  cannot be disabled.

• Windows NT/2000 Event Log—In addition to the native CiscoSecure service 
  logging, CSMon logs all messages to the Windows NT/2000 Event Log. 
  Logging to the Windows NT/2000 Event Log is enabled by default but can be 
  disabled.

• Notification—CSMon can be configured to notify system administrators in 
  the following cases:
    - Exception events (including the current state of Cisco Secure ACS)
    - Response
    - Outcome of the response (including the current state of Cisco Secure ACS)
  The default notification method is Simple Mail Transfer Protocol (SMTP) 
  e-mail, but you can create scripts to enable other methods.

• Response—CSMon detects exception events that affect the integrity of the 
  service. Monitored events are listed above. These events are 
  application-specific and hard-coded into Cisco Secure ACS. There are two 
  types of responses:
    - Warning events—Service is maintained but some monitored threshold is 
      breached
    - Failure events—One or more Cisco Secure ACS components stop 
      providing service