Cisco Cisco Security Manager 4.5 Guia De Especificação

Cisco Security Manager 4.4 API Specification (Version 1.1)

OL- 29074-01

Page 190

Troubleshooting (Common Scenarios)

Symptom: Certificate errors when communicating with the server

The CSM server uses self-signed certificates. Change the client program to accept self-signed certificates. Also API
access is only available over HTTPS and HTTP access is disabled for security reasons.

Symptom: Authentication errors even after a successful login

Intermittent session errors will be seen if the session has timed out or has been invalidated. Default session inactivity
timeout is 15 minutes. The session can be kept alive using a ping or hearbeat mechanism.

Symptom: Inline IP entered in the CSM GUI are retrieved as objects

CSM automatically encapsulates certain inline values (IP’s, Interface names etc.) inside a policy object for
convienience.

Symptom: Data visible in the CSM client UI are not seen in the response data when fetched via the API

This can be due to various reasons. Some of them are listed below:

API only returns committed data (i.e. all changes must be submitted). So check if all data that is visible in
the client is committed.

In some cases CSM specific settings are not returned in the response as it may not be relevant for API
access.

Check if the user has sufficient Role Based Access Control (RBAC) privileges to access the data

Symptom: Client does not receive any event notifications from the server

Some of the reasons for this problem:

The event subscription has not been done or has been registered with incorrect syslog server that receives
the notification

Session used to register the event subscription has timed out. All event notifications are tied to a user
session. If the user session is invalidated then all event notifications for that user session will be stopped.