CiscoWorks Network Compliance Manager Alert Center Installation and Configuration Guide

Table Of Contents

CiscoWorks Network Compliance Manager Alert Center

Installing CiscoWorks NCM Alert Center on a Windows Server

Pre-Installation Requirements

Installing the CiscoWorks NCM Alert Center

Installing the CiscoWorks NCM Alert Center in Debugging Mode

Uninstalling the CiscoWorks NCM Alert Center

Configuring the CiscoWorks NCM Alert Center

Configuring Services and Streams

Launching the CiscoWorks NCM Alert Center

Scheduling the CiscoWorks NCM Alert Center to Run as an External Application Task

Command Line Options, Importing Content, and Log Files

Installing CiscoWorks NCM Alert Center on a Solaris Server

Pre-Installation Requirements

Installing the CiscoWorks NCM Alert Center

Installing the CiscoWorks NCM Alert Center in Debugging Mode

Uninstalling the CiscoWorks NCM Alert Center

Configuring the CiscoWorks NCM Alert Center

Configuring Services and Streams

Launching the CiscoWorks NCM Alert Center

Command Line Options, Importing Content, and Log Files

Scheduling the CiscoWorks NCM Alert Center to Run as an External Application Task

Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server

Pre-Installation Requirements

Installing the CiscoWorks NCM Alert Center

Installing the CiscoWorks NCM Alert Center in Debugging Mode

Uninstalling the CiscoWorks NCM Alert Center

Configuring the CiscoWorks NCM Alert Center

Configuring Services and Streams

Launching the CiscoWorks NCM Alert Center

Command Line Options, Importing Content, and Log Files

Scheduling the CiscoWorks NCM Alert Center to Recur

Known Issues

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request

Installation and Configuration Guide

CiscoWorks Network Compliance Manager Alert Center

This guide describes installing and configuring the CiscoWorks Network Compliance Manager (NCM) Alert Center on Windows, Solaris, and Red Hat Enterprise Linux platforms.

The CiscoWorks NCM Alert Center is a subscription service that provides network vulnerability alerts on an on-going basis. This guide will assist you in setting up the Alert Center to operate with CiscoWorks NCM.

The CiscoWorks NCM Alert Center is a unique security service. Unlike traditional alerts that are typically delivered via email, the Security Alert service delivers alerts as CiscoWorks NCM software compliance policies. As a result, you can rapidly identify all vulnerable devices across your network and perform remediation before your environment is compromised. With Alert Center, your CiscoWorks NCM server automatically checks for and downloads security alerts as they become available.

Note The CiscoWorks NCM Alert Center requires CiscoWorks NCM, Release 1.3 and the CiscoWorks NCM, Release 1.3 December 2007 Patch (NCM13P01.zip) available at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto
In some CiscoWorks NCM documentation, this patch is referred to as CWNCM13-Dec-2007-Critical-Bugfix-Patch.zip. Both names refer to this patch.

This guide contains the following sections:

• Installing CiscoWorks NCM Alert Center on a Windows Server

• Installing CiscoWorks NCM Alert Center on a Solaris Server

• Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server

• Known Issues

• Accessing the CiscoWorks NCM Documentation Set

• Obtaining Documentation and Submitting a Service Request

Note All documentation, including this document and any or all of the parts of the CiscoWorks NCM documentation set, might be upgraded over time. Therefore, we recommend you access the CiscoWorks NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

The Docs tab visible from within CiscoWorks NCM might not include links to the latest documents.

1 Installing CiscoWorks NCM Alert Center on a Windows Server

This section explains how to install and configure the CiscoWorks NCM Alert Center on a CiscoWorks NCM Windows server.

Pre-Installation Requirements

Before you begin to install CiscoWorks NCM Alert Center, make sure you have the following:

•The credentials to login into www.cisco.com and to reach the CWNCM software download location at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto

•Access to unzip or an equivalent archiving utility.

•A CiscoWorks NCM Windows server running successfully.

•Windows administrator access to the CiscoWorks NCM server.

•An SMTP Server set up and accessible from the CiscoWorks NCM server.

Installing the CiscoWorks NCM Alert Center

To install the CiscoWorks NCM Alert Center, do the following:

Step 1 Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the Alert Center package.

Step 2 Enter your www.cisco.com username and password to login.

Step 3 Select the CWNCM1_3_AlertCenterInstaller-K9.zip file to download. When prompted, save the .zip file to a temporary location on your local drive such as Desktop.

Step 4 In the directory to which you downloaded the .zip file, unzip the file to a temporary directory. For example, C:\temp. Keep the subdirectory structure intact.

Step 5 Launch the Installer from the directory where the files were unzipped. For example, C:\temp\alert_center_cache\installer.exe.

The following prompt appears:

Enter your CiscoWorks NCM Username:

Step 6 Enter your CiscoWorks NCM username. The following prompt appears:

Enter your CiscoWorks NCM Password:

Step 7 Enter your CiscoWorks NCM password. This password will be encrypted. The following prompt appears:

Enter your Cisco.com username:

Step 8 Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

Step 9 Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

Step 10 Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

Step 11 Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

Step 12 Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

Step 13 Enter your full name. A message appears that the installation was successful.

Step 14 Click Enter to exit the Installer and return to the prompt.

Step 15 An email will be sent to ncmac-subscription@cisco.com that contains the information used to authorize your Cisco.com account to the service.

If there is an error sending the email message, the following message appears: An error occurred when attempting to send the registration email to Cisco. Please send an email to ncmac-subscription@cisco.com that contains the content of the file <CWNCM_install_directory>\content\registration_email.txt. The install was otherwise successful.

You will need to wait for your account to be authorized before proceeding.

If the installation fails, uninstall CiscoWorks NCM Alert Center using the instructions in the "Uninstalling the CiscoWorks NCM Alert Center" section and install CiscoWorks NCM Alert Center in Debugging mode using the instructions in the "Installing the CiscoWorks NCM Alert Center in Debugging Mode" section. Capture the console output and logs and contact Cisco Technical Support.

Installing the CiscoWorks NCM Alert Center in Debugging Mode

You can launch the Installer in debug mode to create a log for debugging purposes. Launch the Installer from the directory where the files were unzipped. For example, C:\temp\alert_center_cache\installer.exe debug. The rest of the installation process is unchanged. The installer log created in debug mode is located in

<CWNCM_install_directory>\content\content_cache_install.log

Uninstalling the CiscoWorks NCM Alert Center

To uninstall the CiscoWorks NCM Alert Center, delete the following directory:

<CWNCM_install_directory>\content\alert_center_content_cache

Configuring the CiscoWorks NCM Alert Center

To configure authentication, do the following:

Step 1 Using a text editor, open the configuration file. By default, the configuration file is <CWNCM_install_directory>\content\alert_center_content_cache\conf\alert_center_content_cache.conf.

Step 2 At the username and password entries in the configuration file, type your www.cisco.com username and password.

Step 3 At the ncm_user and ncm_pass entries in the configuration file, type the CiscoWorks NCM administrator username and password.

Step 4 Check if the url variable in the configuration file is set to the following value:

https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=NCM-Streams

Step 5 Save your changes to the configuration file.

Step 6 To hash your password, open a command prompt in the <CWNCM_install_directory>\content\alert_center_content_cache\bin directory, and then run the following command:

alert_center_content_cache.exe --encrypt-password

When you first run the CiscoWorks NCM Alert Center, the CiscoWorks NCM Alert Center will automatically authenticate itself by detecting redirects. This authentication verifies that the location it is redirected to is an Cisco.com domain, and retrieves and provides cookies as needed.

Configuring Services and Streams

To configure services and streams, do the following:

Step 1 At a command prompt, enter the following command to view a list of available streams:

alert_center_content_cache.exe --list-streams

The format of the value returned by that command is platform, service, stream (stream.name). An example of a stream returned by this command is

ncm security vc_cisco (security.vc_cisco)

Each service that you want to have access to must have a section in the CiscoWorks NCM Alert Center configuration file.

If the alert_center_content_cache.conf file lacks a section for a service, edit the file and add a section as appropriate. By default, the configuration file is

<CWNCM_install_directory>\content\alert_center_content_cache\conf\alert_center_content_cache.exe

Step 2 Each stream in a service must be enabled in the configuration file in its service section. Set the value of a stream to 1 to enable the stream, or to 0 to disable that stream.

Launching the CiscoWorks NCM Alert Center

In addition to the steps in "Configuring the CiscoWorks NCM Alert Center" section, the CiscoWorks NCM Alert Center should have default values for its other configuration values. To launch the CiscoWorks NCM Alert Center, do the following:

Step 1 Open a command prompt, and then change to the <CWNCM_install_directory>\content\alert_center_content_cache\bin directory.

Step 2 Run the following command:

alert_center_content_cache.exe

Contents are imported into CiscoWorks NCM as Policies. To view the list of policies, navigate Policies > Policy List.

By default, the CiscoWorks NCM Alert Center will:

•Connect over SSL

•Re-attempt a failed download once

•Retain successfully downloaded files in the cache until they have been updated on the server.

Note The first update can take a significant amount of time.

Scheduling the CiscoWorks NCM Alert Center to Run as an External Application Task

To schedule the CiscoWorks NCM Alert Center to run as an external application task, do the following:

Step 1 Log in to CiscoWorks NCM.

Step 2 Navigate Tasks > New Task > Run External Application. The New Task - Run External Application window appears.

Step 3 In the Task Name field, enter Synchronize Security Service Alert.

Step 4 In the Start Date field, click Calendar and select the Wednesday of the current or following week. Then, edit the start time to read 5:00am local time (such as: 02-10-08 05:00). Security Alert updates are automatically released every Tuesday (Pacific Standard Time (PST) = GMT-8). In addition, they are released for immediate vulnerabilities based on alert criticality. It is recommended that you automate this task to run on Wednesday morning so as to capture new security alerts as they become available.

Step 5 In the Comments field, type: The Cisco Network: Security Alert Service Update Client.

Step 6 Under the Task Options section in the Run field, enter:

<CWNCM_install_directory>\content\alert_center_content_cache\bin\alert_center_content_cache.exe

Step 7 Leave the Start In field blank.

Step 8 In the Task Result field, select Treat non-zero result code as failed task.

Step 9 In the Text Output field, select the desired output method.

Step 10 Under the Scheduling Options section in the Retry Count field, you can either accept the default No Retry or select any of the other options.

Step 11 In the Retry Interval field, accept the default retry interval five minutes.

Step 12 In the Recurring Options field, select Weekly and Wed.

Step 13 In the Range of Recurrence field, accept the default No End Date.

Step 14 Click Save Task.

Command Line Options, Importing Content, and Log Files

This section describes command line options, importing content, and the CiscoWorks NCM Alert Center log file.

Command Line Options

To see the complete list of available command line options and the online Help, do the following:

Step 1 Open a command prompt and then change to the <CWNCM_install_directory>\content\alert_center_content_cache\bin directory.

Step 2 Run the following command:

alert_center_content_cache.exe --help

The following table shows some of the available options that can be called at the command line when launching the CiscoWorks NCM Alert Center. These options can also be set in the configuration file.

Table 1 CiscoWorks NCM Alert Center Command Line Options for Windows

Option

Description

--username=USERNAME

Username for accessing content on the host. Host refers to Cisco.com credentials.

--password=PASSWORD

Password for accessing content on the host. Host refers to Cisco.com credentials.

--http-proxy
--http-proxy-user
--http-proxy-pass

Configures http proxy settings.

-e EXPORT_TO_DIRECTORY, --export-to-directory=EXPORT_TO_DIRECTORY

Exports the downloads to this directory. Content is not imported with this option. For example:

alert_center_content_cache.exe -e \cisco_user\alertcenter

-i IMPORT_FROM_DIRECTORY, --import-from-directory=IMPORT_FROM_DIRECTORY

Imports the downloads from this directory. Content is not downloaded with this option. Content can only be imported after it has been downloaded using the -e EXPORT_TO_DIRECTORY option. You must specify the same EXPORT_TO_DIRECTORY directory or folder name for the IMPORT_FROM_DIRECTORY. For example:

alert_center_content_cache.exe -i \cisco_user\alertcenter

--platform

Restricts the content to be downloaded to a specific product. For example, --platform ncm limits the download to content that is relevant to CiscoWorks NCM.

--encrypt-password

Encrypts the passwords entered in plaintext in the configuration file.

Note You must have the following to import content: CiscoWorks NCM administrator privileges and the correct CiscoWorks NCM Username and Password in the configuration file. You must be running CiscoWorks NCM to import content.

Importing Content

To help verify that the content was downloaded, the CiscoWorks NCM Alert Center calculates the MD5 sum of downloaded files and checks the result against the MD5 sum listed for the file in the stream. The CiscoWorks NCM Alert Center will update the cache file to list a file as downloaded if the download succeeds. The CiscoWorks NCM Alert Center retains the files in the cache unless it is instructed not to do so.

The CiscoWorks NCM Alert Center checks the return status of the import commands to see if the import succeeded. If the import succeeded, the CiscoWorks NCM Alert Center marks the file as imported and caches the information. Check the log file to make sure that the content imported successfully.

CiscoWorks NCM Alert Center Log File

By default, the CiscoWorks NCM Alert Center log file is named alert_center_content_cache.log and is located in the following directory:

<CWNCM_install_directory>\content\alert_center_content_cache\log

Also note that the log file name and location can be configured in the configuration file as:

logfile_path=log/alert_center_content_cache.log

2 Installing CiscoWorks NCM Alert Center on a Solaris Server

This section explains how to install and configure the CiscoWorks NCM Alert Center on a Solaris 9 or Solaris 10 server running CiscoWorks NCM.

Pre-Installation Requirements

The following are requirements for installing CiscoWorks NCM Alert Center on a Solaris server:

•Credentials to login into www.cisco.com and to reach the CWNCM software download location at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto

•Root permission to install software.

•Python 2.5 is required for the CiscoWorks NCM Alert Center to operate on Unix platforms. Cisco recommends that you use Python from ActiveState ( http://www.activestate.com/), as these are the Python implementations that are tested with the CiscoWorks NCM Alert Center installation. Python should be in your PATH variable.

Note CiscoWorks NCM 1.3 must be restarted after the Python PATH variable is updated on the system.

Installing the CiscoWorks NCM Alert Center

To install the CiscoWorks NCM Alert Center, do the following:

Step 1 Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the Alert Center package.

Step 2 Enter your www.cisco.com username and password to login.

Step 3 Select the CWNCM1_3_AlertCenterInstaller-K9.zip file to download. When prompted, save the .zip file to a location on your local drive.

Step 4 At a command prompt, navigate to the directory that you downloaded the .zip to, and then type the following command to unzip the file:

unzip CWNCM1_3_AlertCenterInstaller-K9.zip

Step 5 To unzip the CiscoWorks NCM Alert Center Installer, type the following command:

gunzip alert-center-content-cache-solaris-installer.tar.gz

Step 6 To untar the CiscoWorks NCM Alert Center Installer, type the following command:

tar -xvf alert-center-content-cache-solaris-installer.tar

Step 7 To launch the Installer, type the following command:

./installer

The following prompt appears:

Enter your CiscoWorks NCM Username:

Step 8 Enter your CiscoWorks NCM username. The following prompt appears:

Enter your CiscoWorks NCM Password:

Step 9 Enter your CiscoWorks NCM password. This password will be encrypted. The following prompt appears:

Enter your Cisco.com username:

Step 10 Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

Step 11 Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

Step 12 Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

Step 13 Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

Step 14 Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

Step 15 Enter your full name. A message appears that the installation was successful.

Step 16 Click Enter to exit the Installer and return to the prompt.

Step 17 An email will be sent to ncmac-subscription@cisco.com that contains the information used to authorize your Cisco.com account to the service.

If there is an error sending the email message, the following message appears: An error occurred when attempting to send the registration email to Cisco. Please send an email to ncmac-subscription@cisco.com that contains the content of the file <CWNCM_install_directory>/content/registration_email.txt The install was otherwise successful.

You will need to wait for your account to be authorized before proceeding.

If the installation fails, uninstall CiscoWorks NCM Alert Center using the instructions in the "Uninstalling the CiscoWorks NCM Alert Center" section and install CiscoWorks NCM Alert Center in Debugging mode using the instructions in the "Installing the CiscoWorks NCM Alert Center in Debugging Mode" section. Capture the console output and logs and contact Cisco Technical Support.

Installing the CiscoWorks NCM Alert Center in Debugging Mode

You can launch the Installer in debug mode to create a log for debugging purposes. To launch the Installer, enter the following command:

./installer debug

The rest of the installation process is unchanged. The installer log created in debug mode is located in

<CWNCM_install_directory>/content/content_cache_install.log

Uninstalling the CiscoWorks NCM Alert Center

To uninstall the CiscoWorks NCM Alert Center, delete the following directory:

pkgrm alert-center-content-cache

Configuring the CiscoWorks NCM Alert Center

To configure authentication, do the following:

Step 1 Add the path /opt/cisco/alert_center_content_cache/bin to your $PATH variable.

Step 2 Using a text editor, open the configuration file. By default, the configuration file is

/opt/cisco/etc/alert_center_content_cache/alert_center_content_cache.conf

Step 3 At the username and password entries in the configuration file, type your Cisco.com username and password.

Step 4 At the ncm_user and ncm_pass entries in the configuration file, type the CiscoWorks NCM administrator username and password.

Step 5 Check if the url variable in the configuration file is set to the following value:

https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=NCM-Streams

Step 6 Save your changes to the configuration file.

Step 7 To hash your password, run the following command:

alert_center_content_cache --encrypt-password

When you first run the CiscoWorks NCM Alert Center, the CiscoWorks NCM Alert Center will automatically authenticate itself by detecting redirects. This authentication verifies that the location it is redirected to is an cisco.com domain, and retrieves and provides cookies as needed.

Configuring Services and Streams

To configure services and streams, do the following:

Step 1 At a command prompt, enter the following command to view a list of available streams:

alert_center_content_cache --list-streams

The format of the value returned by that command is platform, service, stream (stream.name). An example of a stream returned by this command is

ncm security vc_cisco (security.vc_cisco)

Each service that you want to have access to must have a section in the CiscoWorks NCM Alert Center configuration file.

Step 2 If the alert_center_content_cache.conf file lacks a section for a service, edit the file and add a section as appropriate. By default, the configuration file is

/opt/cisco/etc/alert_center_content_cache/alert_center_content_cache.conf

Step 3 Each stream in a service must be enabled in the configuration file in its service section. Set the value of a stream to 1 to enable the stream, or to 0 to disable that stream.

Launching the CiscoWorks NCM Alert Center

In addition to the steps in "Configuring Services and Streams" section, the CiscoWorks NCM Alert Center should have default values for its other configuration values. Assuming that the CiscoWorks NCM Alert Center script is in $PATH, perform the following command to launch the CiscoWorks NCM Alert Center:

Step 1 At a command prompt, run the following command:

alert_center_content_cache

Contents are imported into CiscoWorks NCM as Policies. To view the list of policies, navigate Policies > Policy List.

By default, the CiscoWorks NCM Alert Center will:

•Connect over SSL

•Re-attempt a failed download once

•Retain successfully downloaded files in the cache until they have been updated on the server.

Note The first update can take a significant amount of time.

Command Line Options, Importing Content, and Log Files

This section describes command line options, importing content, and the CiscoWorks NCM Alert Center log file.

Command Line Options

To see the complete list of available command line options and the online Help, do the following:

Step 1 Open a command prompt.

Step 2 Run the following command:

alert_center_content_cache --help

The following table shows some of the available options that can be called at the command line when launching the CiscoWorks NCM Alert Center. These options can also be set in the configuration file.

Table 2 CiscoWorks NCM Alert Center Command Line Options for Solaris

Option

Description

--username=USERNAME

Username for accessing content on the host. Host refers to Cisco.com credentials.

--password=PASSWORD

Password for accessing content on the host. Host refers to Cisco.com credentials.

--http-proxy
--http-proxy-user
--http-proxy-pass

Configures http proxy settings.

-e EXPORT_TO_DIRECTORY, --export-to-directory=EXPORT_TO_DIRECTORY

Exports the downloads to this directory. Content is not imported with this option. For example:

alert_center_content_cache.exe -e /home/user/alertcenter

-i IMPORT_FROM_DIRECTORY, --import-from-directory=IMPORT_FROM_DIRECTORY

Imports the downloads from this directory. Content is not downloaded with this option. Content can only be imported after it has been downloaded using the -e EXPORT_TO_DIRECTORY option. You must specify the same EXPORT_TO_DIRECTORY directory or folder name for the IMPORT_FROM_DIRECTORY. For example:

alert_center_content_cache.exe -i /home/user/alertcenter

--platform

Restricts the content to be downloaded to a specific product. For example, --platform ncm limits the download to content that is relevant to CiscoWorks NCM.

--encrypt-password

Encrypts the passwords entered in plaintext in the configuration file.

Note You must have the following to import content: CiscoWorks NCM administrator privileges and the correct CiscoWorks NCM Username and Password in the configuration file. You must be running CiscoWorks NCM to import content.

Importing Content

To help verify that the content was downloaded, the CiscoWorks NCM Alert Center calculates the MD5 sum of downloaded files and checks the result against the MD5 sum listed for the file in the stream. The CiscoWorks NCM Alert Center will update the cache file to list a file as downloaded if the download succeeds. The CiscoWorks NCM Alert Center retains the files in the cache unless it is instructed not to do so.

The CiscoWorks NCM Alert Center checks the return status of the import commands to see if the import succeeded. If the import succeeded, the CiscoWorks NCM Alert Center marks the file as imported and caches the information. Check the log file to make sure that the content imported successfully.

CiscoWorks NCM Alert Center Log File

The CiscoWorks NCM Alert Center log file is named alert_center_content_cache.log and is located in the following directory:

/var/log/cisco/alert_center_content_cache/

Scheduling the CiscoWorks NCM Alert Center to Run as an External Application Task

To schedule the CiscoWorks NCM Alert Center to run as an external application task, do the following:

Step 1 Log in to CiscoWorks NCM.

Step 2 Navigate Tasks > New Task > Run External Application. The New Task - Run External Application window appears.

Step 3 In the Task Name field, enter Synchronize Security Service Alert.

Step 4 In the Start Date field, click Calendar and select the Wednesday of the current or following week. Then, edit the start time to read 5:00am local time (such as: 02-10-08 05:00). Security Alert updates are automatically released every Tuesday (Pacific Standard Time (PST) = GMT-8). In addition, they are released for immediate vulnerabilities based on alert criticality. It is recommended that you automate this task to run on Wednesday morning so as to capture new security alerts as they become available.

Step 5 In the Comments field, type: The Cisco Network: Security Alert Service Update Client.

Step 6 Under the Task Options section in the Run field, enter:

/opt/cisco/alert_center_content_cache/bin/alert_center_content_cache

Step 7 Leave the Start In field blank.

Step 8 In the Task Result field, select Treat non-zero result code as failed task.

Step 9 In the Text Output field, select the desired output method.

Step 10 Under the Scheduling Options section in the Retry Count field, you can either accept the default No Retry or select any of the other options.

Step 11 In the Retry Interval field, accept the default retry interval five minutes.

Step 12 In the Recurring Options field, select Weekly and Wed.

Step 13 In the Range of Recurrence field, accept the default No End Date.

Step 14 Click Save Task.

3 Installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux Server

This section explains how to install and configure the CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux 3 (RHEL3) server running CiscoWorks NCM.

Pre-Installation Requirements

The following are requirements for installing CiscoWorks NCM Alert Center on a Red Hat Enterprise Linux server:

•Make sure you have the credentials to login into www.cisco.com and to reach the CWNCM software download location at http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto

•Python 2.5 is required for the CiscoWorks NCM Alert Center to operate on Unix platforms. Cisco recommends that you use Python from ActiveState ( http://www.activestate.com/), as these are the Python implementations that are tested with the CiscoWorks NCM Alert Center installation. Python should be in your PATH variable.

Note CiscoWorks NCM 1.3 must be restarted after the Python PATH variable is updated on the system.

Installing the CiscoWorks NCM Alert Center

Step 1 Navigate to http://www.cisco.com/cgi-bin/tablebuild.pl/cwncm-crypto to download the Alert Center package.

Step 2 Enter your www.cisco.com username and password to login.

Step 3 Select the CWNCM1_3_AlertCenterInstaller-K9.zip file to download. When prompted, save the .zip file to a location on your local drive.

Step 4 At a command prompt, navigate to the directory that you downloaded the .zip to, and then type the following command to unzip the file:

unzip CWNCM1_3_AlertCenterInstaller-K9.zip

Step 5 To unzip the CiscoWorks NCM Alert Center Installer, type the following command:

gunzip alert-center-content-cache-linux-installer.tar.gz

Step 6 To untar the CiscoWorks NCM Alert Center Installer, type the following command:

tar -xvf alert-center-content-cache-linux-installer.tar

Step 7 To launch the Installer, type the following command:

./installer

The following prompt appears:

Enter your CiscoWorks NCM Username:

Step 8 Enter your CiscoWorks NCM username. The following prompt appears:

Enter your CiscoWorks NCM Password:

Step 9 Enter your CiscoWorks NCM password. This password will be encrypted. The following prompt appears:

Enter your Cisco.com username:

Step 10 Enter the Cisco.com username of the user that will be entitled to use the service. The following prompt appears:

Enter your purchase order number:

Step 11 Enter your purchase order number. The following prompt appears:

Enter your Sales Order number:

Step 12 Enter your Sales Order number. The following prompt appears:

Enter your company's name as it appears on the invoice:

Step 13 Enter your company's name as it appears on the invoice. The following prompt appears:

Enter the email address that the confirmation number should be sent to:

Step 14 Enter the email address that the confirmation number should be sent to. The following prompt appears:

Enter your full name:

Step 15 Enter your full name. A message appears that the installation was successful.

Step 16 Click Enter to exit the Installer and return to the prompt.

Step 17 An email will be sent to ncmac-subscription@cisco.com hat contains the information used to authorize your Cisco.com account to the service.

If there is an error sending the email message, the following message appears: An error occurred when attempting to send the registration email to Cisco. Please send an email to ncmac-subscription@cisco.com that contains the content of the file <CWNCM_install_directory>/content/registration_email.txt The install was otherwise successful.

You will need to wait for your account to be authorized before proceeding.

If the installation fails, uninstall CiscoWorks NCM Alert Center using the instructions in the "Uninstalling the CiscoWorks NCM Alert Center" section and install CiscoWorks NCM Alert Center in Debugging mode using the instructions in the "Installing the CiscoWorks NCM Alert Center in Debugging Mode" section. Capture the console output and logs and contact Cisco Technical Support.

Installing the CiscoWorks NCM Alert Center in Debugging Mode

You can launch the Installer in debug mode to create a log for debugging purposes. To launch the Installer, enter the following command:

./installer debug

The rest of the installation process is unchanged. The installer log created in debug mode is located in

CWNCM_install_directory/content/content_cache_install.log

Uninstalling the CiscoWorks NCM Alert Center

To uninstall the CiscoWorks NCM Alert Center, run the following command:

rpm -e alert-center-content-cache

Delete the following directory:

/var/opt/cisco/alert_center_content_cache

Configuring the CiscoWorks NCM Alert Center

To configure authentication, do the following:

Step 1 Add the path /opt/cisco/alert_center_content_cache/bin to your $PATH variable.

Step 2 Using a text editor, open the configuration file. By default, the configuration file is

/opt/cisco/etc/alert_center_content_cache/alert_center_content_cache.conf

Step 3 At the username and password entries in the configuration file, type your Cisco.com username and password.

Step 4 At the ncm_user and ncm_pass entries in the configuration file, type the CiscoWorks NCM administrator username and password.

Step 5 Check if the url variable in the configuration file is set to the following value:

https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=NCM-Streams

Step 6 Save your changes to the configuration file.

Step 7 To hash your password, run the following command:

alert_center_content_cache --encrypt-password

When you first run the CiscoWorks NCM Alert Center , the CiscoWorks NCM Alert Center will automatically authenticate itself by detecting redirects. This authentication verifies that the location it is redirected to is an cisco.com domain, and retrieves and provides cookies as needed.

Configuring Services and Streams

To configure services and streams, do the following:

Step 1 At a command prompt, enter the following command to view a list of available streams:

alert_center_content_cache --list-streams

The format of the value returned by that command is platform, service, stream (stream.name). An example of a stream returned by this command is

ncm security vc_cisco (security.vc_cisco)

Each service that you want to have access to must have a section in the CiscoWorks NCM Alert Center configuration file.

Step 2 If the alert_center_content_cache.conf file *lacks a section for a service, edit the file and add a section as appropriate. By default, the configuration file is

/opt/cisco/etc/alert_center_content_cache/alert_center_content_cache.conf

Step 3 Each stream in a service must be enabled in the configuration file in its service section. Set the value of a stream to 1 to enable the stream, or to 0 to disable that stream.

Launching the CiscoWorks NCM Alert Center

In addition to the steps in "Configuring Services and Streams" section, the CiscoWorks NCM Alert Center should have default values for its other configuration values. Assuming that the CiscoWorks NCM Alert Center script is in $PATH, perform the following command to launch the CiscoWorks NCM Alert Center:

Step 1 At a command prompt, run the following command:

alert_center_content_cache

Contents are imported into CiscoWorks NCM as Policies. To view the list of policies, navigate Policies > Policy List.

By default, the CiscoWorks NCM Alert Center will:

•Connect over SSL

•Re-attempt a failed download once

•Retain successfully downloaded files in the cache until they have been updated on the server.

Note The first update can take a significant amount of time.

Command Line Options, Importing Content, and Log Files

This section describes command line options, importing content, and the CiscoWorks NCM Alert Center log file.

Command Line Options

To see the complete list of available command line options and the online Help, do the following:

Step 1 Open a command prompt.

Step 2 Run the following command:

alert_center_content_cache --help

The following table shows some of the available options that can be called at the command line when launching the CiscoWorks NCM Alert Center. These options can also be set in the configuration file.

Table 3 CiscoWorks NCM Alert Center Command Line Options for Linux

Option

Description

--username=USERNAME

Username for accessing content on the host. Host refers to Cisco.com credentials.

--password=PASSWORD

Password for accessing content on the host. Host refers to Cisco.com credentials.

--http-proxy
--http-proxy-user
--http-proxy-pass

Configures http proxy settings.

-e EXPORT_TO_DIRECTORY, --export-to-directory=EXPORT_TO_DIRECTORY

Exports the downloads to this directory. Content is not imported with this option. For example:

alert_center_content_cache.exe -e /home/user/alertcenter

-i IMPORT_FROM_DIRECTORY, --import-from-directory=IMPORT_FROM_DIRECTORY

Imports the downloads from this directory. Content is not downloaded with this option. Content can only be imported after it has been downloaded using the -e EXPORT_TO_DIRECTORY option. You must specify the same EXPORT_TO_DIRECTORY directory or folder name for the IMPORT_FROM_DIRECTORY. For example:

alert_center_content_cache.exe -i /home/user/alertcenter

--platform

Restricts the content to be downloaded to a specific product. For example, --platform ncm limits the download to content that is relevant to CiscoWorks NCM.

--encrypt-password

Encrypts the passwords entered in plaintext in the configuration file.

Note You must have the following to import content: CiscoWorks NCM administrator privileges and the correct CiscoWorks NCM Username and Password in the configuration file. You must be running CiscoWorks NCM to import content.

Importing Content

To help verify that the content was downloaded, the CiscoWorks NCM Alert Center calculates the MD5 sum of downloaded files and checks the result against the MD5 sum listed for the file in the stream. The CiscoWorks NCM Alert Center will update the cache file to list a file as downloaded if the download succeeds. The CiscoWorks NCM Alert Center retains the files in the cache unless it is instructed not to do so.

The CiscoWorks NCM Alert Center checks the return status of the import commands to see if the import succeeded. If the import succeeded, the CiscoWorks NCM Alert Center marks the file as imported and caches the information. Check the log file to make sure that the content imported successfully.

CiscoWorks NCM Alert Center Log File

The CiscoWorks NCM Alert Center log file is named alert_center_content_cache.log and is located in the following directory:

/var/log/cisco/alert_center_content_cache/

Scheduling the CiscoWorks NCM Alert Center to Recur

To schedule the CiscoWorks NCM Alert Center to run as an external application task, do the following:

Step 1 Log in to CiscoWorks NCM.

Step 2 Navigate Tasks > New Task > Run External Application. The New Task - Run External Application window appears.

Step 3 In the Task Name field, enter Synchronize Security Service Alert.

Step 4 In the Start Date field, click Calendar and select the Wednesday of the current or following week. Then, edit the start time to read 5:00am local time (such as: 02-10-08 05:00). Security Alert updates are automatically released every Tuesday (Pacific Standard Time (PST) = GMT-8). In addition, they are released for immediate vulnerabilities based on alert criticality. It is recommended that you automate this task to run on Wednesday morning so as to capture new security alerts as they become available.

Step 5 In the Comments field, type: The Cisco Network: Security Alert Service Update Client.

Step 6 Under the Task Options section in the Run field, enter:

/opt/cisco/alert_center_content_cache/bin/alert_center_content_cache

Step 7 Leave the Start In field blank.

Step 8 In the Task Result field, select Treat non-zero result code as failed task.

Step 9 In the Text Output field, select the desired output method.

Step 10 Under the Scheduling Options section in the Retry Count field, you can either accept the default No Retry or select any of the other options.

Step 11 In the Retry Interval field, accept the default retry interval five minutes.

Step 12 In the Recurring Options field, select Weekly and Wed.

Step 13 In the Range of Recurrence field, accept the default No End Date.

Step 14 Click Save Task.

4 Known Issues

The following are known issues in CiscoWorks NCM Alert Center, Version 1.2.1, Revision 3.

Description: On Windows platform, after using Control-C to abort a running alert_center_content_cache.exe task, you cannot execute subsequent alert_center_content_cache.exe tasks.

Workaround: Remove the file:

<CWNCM install directory>\content\alert_center_cache_content\alert_center_content_cache.lock

Then retry the alert_center_content_cache.exe task.

Description: If the CiscoWorks NCM Alert Center installation process on a Windows or Linux server is aborted with Control-C, the partially installed data will not be cleaned. As a result, trying to install CiscoWorks NCM Alert Center again will result in Exit with error.

Workaround:

On Windows: Prior to rerunning the CiscoWorks NCM Alert Center installer, remove the following directory:

<CWNCM install directory>\content\alert_center_content_cache

On Linux: Prior to rerunning the CiscoWorks NCM Alert Center installer, run the following command:

rpm -e alert-center-content-cache

Description: On all CiscoWorks NCM Alert Center platforms, after deleting all policies for a particular stream, the default import does not add alert contents into CiscoWorks NCM for that stream.

For example:

Navigate Policies >Policy List. If all policies from security stream vc_cisco are deleted, re-run alert_center_content_cache for vc_cisco security stream. By default, this does not import alert contents for vc_cisco security stream.

Workaround: Delete the file downloads.cache.

On Windows platform: <CWNCM Install Path>\content\alert_center_content_cache\cache\downloads.cache

On Solaris platform: /var/opt/cisco/alert_center_content_cache/cache/downloads.cache

On Linux platform: /var/opt/cisco/alert_center_content_cache/cache/downloads.cache

Note Editing the downloads.cache file is not recommended.

Description: Modification of the Cisco.com encrypted password in the configuration file displays the stack trace with the error message: Error: Incorrect padding.

Workaround: Re-type the password and run the following command:

alert_center_content_cache --encrypt-password

5 Accessing the CiscoWorks NCM Documentation Set

You can access the entire CiscoWorks Network Compliance Manager documentation set from the following Cisco.com URL:

http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

From here you can navigate to any documentation for CiscoWorks NCM 1.3 you will need.

Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.

Note All documentation, including this document and any or all of the parts of the CiscoWorks NCM documentation set, might be upgraded over time. Therefore, we recommend you access the CiscoWorks NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

Note The Docs tab visible from within Network Compliance Manager might not include links to the latest documents.

6 Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Option	Description
--username=USERNAME	Username for accessing content on the host. Host refers to Cisco.com credentials.
--password=PASSWORD	Password for accessing content on the host. Host refers to Cisco.com credentials.
--http-proxy --http-proxy-user --http-proxy-pass	Configures http proxy settings.
-e EXPORT_TO_DIRECTORY, --export-to-directory=EXPORT_TO_DIRECTORY	Exports the downloads to this directory. Content is not imported with this option. For example: alert_center_content_cache.exe -e \cisco_user\alertcenter
-i IMPORT_FROM_DIRECTORY, --import-from-directory=IMPORT_FROM_DIRECTORY	Imports the downloads from this directory. Content is not downloaded with this option. Content can only be imported after it has been downloaded using the -e EXPORT_TO_DIRECTORY option. You must specify the same EXPORT_TO_DIRECTORY directory or folder name for the IMPORT_FROM_DIRECTORY. For example: alert_center_content_cache.exe -i \cisco_user\alertcenter
--platform	Restricts the content to be downloaded to a specific product. For example, --platform ncm limits the download to content that is relevant to CiscoWorks NCM.
--encrypt-password	Encrypts the passwords entered in plaintext in the configuration file.