Failover System Messages; Debug Messages; Snmp; Remote Command Execution - Cisco PIX 500 Series Configuration Manual

Chapter 14 Configuring Failover
•
•

Failover System Messages

The security appliance issues a number of system messages related to failover at priority level 2, which
indicates a critical condition. To view these messages, see the Cisco Security Appliance Logging
Configuration and System Log Messages to enable logging and to see descriptions of the system
messages.
During switchover, failover logically shuts down and then bring up interfaces, generating syslog 411001
Note
and 411002 messages. This is normal activity.

Debug Messages

To see debug messages, enter the debug fover command. See the Cisco Security Appliance Command
Reference for more information.
Because debugging output is assigned high priority in the CPU process, it can drastically affect system
Note
performance. For this reason, use the debug fover commands only to troubleshoot specific problems or
during troubleshooting sessions with Cisco TAC.

SNMP

To receive SNMP syslog traps for failover, configure the SNMP agent to send SNMP traps to SNMP
management stations, define a syslog host, and compile the Cisco syslog MIB into your SNMP
management station. See the snmp-server and logging commands in the Cisco Security Appliance
Command Reference for more information.

Remote Command Execution

Remote command execution lets you send commands entered at the command line to a specific failover
peer.
Because configuration commands are replicated from the active unit or context to the standby unit or
context, you can use the failover exec command to enter configuration commands on the correct unit,
no matter which unit you are logged-in to. For example, if you are logged-in to the standby unit, you can
use the failover exec active command to send configuration changes to the active unit. Those changes
are then replicated to the standby unit. Do not use the failover exec command to send configuration
commands to the standby unit or context; those configuration changes are not replicated to the active
unit and the two configurations will no longer be synchronized.
Output from configuration, exec, and show commands is displayed in the current terminal session, so
you can use the failover exec command to issue show commands on a peer unit and view the results in
the current terminal.
You must have sufficient privileges to execute a command on the local unit to execute the command on
the peer unit.
OL-12172-03
Debug Messages, page 14-51
SNMP, page 14-51
Cisco Security Appliance Command Line Configuration Guide
Remote Command Execution
14-51