Cisco Bug: CSCta32007 - CSA is causing Cisco CAR Scheduler jobs to fail in CUCM
Apr 29, 2010
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom: One or more CAR scheduler jobs can fail, with "CARSchedulerJobFailed" alarms being caught in RTMT and /var/log/active/syslog/CiscoSyslog file. Example jobs like 'CARIDSAlarm', 'TaskMonitor', 'DailyCdrLoad'. In CiscoSyslog, one can usually see an alarm of 'SyslogSeverityMatchFound' right before the alarm of 'CARSchedulerJobFailed'. For example: Jun 22 01:01:50 sw097b-cm1 local7 2 : 7634: sw097b-cm1.cisco.com: Jun 22 2009 06:01:50.37 UTC : %UC_RTMT-2-RTMT_ALERT: %[AlertName=SyslogSeverityMatchFound][AlertDetail= At Mon Jun 22 01:01:50 CDT 2009 on node sw097b-cm1, the following SyslogSeverityMatchFound events generated: SeverityMatch : Critical MatchedEvent : Jun 22 01:01:20 sw097b-cm1 local4 2 : 21: sw097b-cm1: Jun 22 2009 01:01:20.470 -0500: %CSA-2-EVENT_APCR_DENY: %[PID=4480][component=CiscoSecurityAgent] : The current application '/usr/local/cm/bin/carschlr' (as user ccmservice(513) group ccmbase(506)) attempted to execute the new application '/usr/bin/sudo'. The operation was denied. [rule 81] AppID : Cisco Syslog Agent ClusterID : NodeID : sw097b-cm1 TimeStamp : Mon Jun 22 01:01:20 CDT 2009][AppID=Cisco AMC Service][ClusterID=][NodeID=sw097b-cm1]: RTMT Alert Jun 22 01:01:50 sw097b-cm1 local7 3 : 7635: sw097b-cm1.cisco.com: Jun 22 2009 06:01:50.38 UTC : %UC_RTMT-3-RTMT_ALERT: %[AlertName=CARSchedulerJobFailed][AlertDetail= FailureDetail : [TaskMonitor] job failed, check the CAR Scheduler logs for details. FailureCause : Major Exception caught while running the job [TaskMonitor]. JobName : TaskMonitor AppID : Cisco CAR Scheduler ClusterID : NodeID : sw097b-cm1 TimeStamp : Mon Jun 22 01:01:20 CDT 2009. The alarm is generated on Mon Jun 22 01:01:20 CDT 2009.][AppID=Cisco AMC Service][ClusterID=][NodeID=sw097b-cm1]: RTMT Alert Conditions: Whenever CAR scheduler service (carschlr) job runs commands such as '/bin/cat' or '/usr/bin/sudo', the operation was denied and blocked by CSA (CiscoSecurityAgent). Problem can be seen in CUCM running 8.0.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases