IBM Tivoli and Cisco User Manual

Chapter 7. Network enforcement subsystem implementation

225

filename is the name of the file in which you want CSUtil.exe to write all
attribute definitions. Example 7-2 shows the execution of this command.

Example 7-2 Import Security Compliance Manager attribute

C:\Program Files\CiscoSecure ACS v4.0\Utils>CSUtil -addavp
c:\Temp\avplist.txt

Attribute 2:50:1 (Application-Posture-Token) automatically added to
registry
Attribute 2:50:2 (System-Posture-Token) automatically added to registry

[attr#0]: Attribute 2:50:10 (Action) added to registry
[attr#1]: Attribute 2:50:20 (Policy Version) added to registry
[attr#2]: Attribute 2:50:21 (Violation number) added to registry

=== AVP Summary ===
3 AVPs were added to the registry

In addition, 2 AVPs were automatically added to the registry

=== IMPORTANT NOTICE ===
Please restart the following services:
- CSAdmin
- CSAuth
- CSLog

C:\Program Files\CiscoSecureACS v4.0\Utils>

4. To make the Security Compliance Manager attribute definitions take effect,

restart the CSAuth, CSLog, and CSAdmin services by entering the following
commands at the command prompt, allowing the computer time to perform
each command:

net stop csauth

net start csauth

net stop cslog

net start cslog

net stop csadmin

net start csadmin

5. ACS should now be aware of the Security Compliance Manager attributes. To

verify this, run the command:

csutil.exe –dumpavp filename