AAA/Identity/Nac :: Cisco ACS 4.2 - Historic Logs For Passed Authentications
Mar 23, 2012
I have Cisco ACS 4.2 (1) build 15 working fine, but it can save historic logs for Passed Authentications, Failed attempts, etc.
I have 3 ACS servers placed throughout N. America. I have it set up so that ACS01 is primary and ACS02 and ACS03 are secondary. When I look at the logs for passed/failed authentications in radius or tacacs I cannot see anything from ACS03 logging. This is weird because just a few weeks ago it worked perfectly. In fact, ACS03 is the most active server since this site is using it for wireless phones and tacacs and the other 2 are just using ACS for wireless networking. I went through the log settings and every server is set up the same as the others (except the primary) so it should be logging ACS03 the exact same as 01 and 02. Anyway it seems like a small problem but I need the logs to work correctly to properly administrate security.
We recently had to rebuild our ACS server. Now when we have an 802.1x authentication failure and look at the RADIUS logs for the specific user, it does not show us the MAC address of the device the user tried to login with. We use this all the time because users have PDAs and other mobile devices that they save their passwords on. Then when they change their domain password on their laptop, they don't change it on their PDA which then tries to authenticate them using the wrong password and eventually locks them out. We need to see the MAC address so we can pinpoint which device is causing the lockout. The report I am generating is when you go to this location: Monitoring & Reports > ... > Reports > Catalog > User > User_Authentication_Summary
Noticed TACACS authorization logs when you change password for a user? In authorization logs I can see the new password, but I cannot see the same in accounting logs. Is it normal behaviour? Or do we need to do something to hide the password in authorization logs?
For example if I type command username xyz priv 15 secret cisco 123
I see this command in accounting logs as username xyz priv 15 secret *** whereas in tacacs authorization logs it shows username xyz priv 15 secret cisco 123
I have a problem with ACS 5.0 on reporting. On the "Monitoring and Report" page, in Favorite Reports, when I click on "Authentications - RADIUS - Today", my browser displays the error "Error while reading skin-access.config. Please make sure the file exists and conforms to the schema specified"
I must also mention that I never upgraded the version of ACS from 5.0; also, from the command line all the ACS services are running. It is running on a CISCO 1120 Secure Access Control Server appliance.
My second question is can I upgrade the version of ACS to 5.4 with Cisco Secure ACS 5 Base License?
I have saved the running configuration to startup first and rebooted the ACS 5.1. Since then it has stopped Authentication logs. I can log in to the network devices using Tacacs login, but I am not getting Tacacs authentication logs.
Having an issue where a user will plug a PC into a switch. The switch does a MAB authentication and the MAC is not located in the ACS server. It logs the failed attempt, but when the PC is removed from the switch, the failed attempts keep getting logged until the port is bounced. Any way to keep the attempts from happening after the PC is removed? If not, any way to make it stop without bouncing the port?
running ACS version 5.2.0.26
switch port config:
interface GigabitEthernet1/0/2
 switchport access vlan 2
 switchport mode access
 authentication control-direction in
 authentication host-mode multi-auth
 authentication port-control auto
 mab
 spanning-tree portfast
Why does my ASA5520 bring out:
sh curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
while I am logging in with my username which is XXXX. And in my ACS accounting logs I cannot see which user did what.
I have some queries regarding report generation on Cisco ACS v5.2.
1) Can we schedule to run a customized report on ACS and then email the report to the user?
2) Can we run a users authentication trend report based on the AD directory group rather than individual user?
3) Can we configure user authentication logs to be viewed on WCS?
I am using CiscoSecure ACS v4.2 appliance. Is there any way that RADIUS logs upload to an FTP server, because it has a limitation on storing RADIUS logs?
Cisco ACS 5.2 secondary server is configured as a log collector for both the primary and secondary server. Now I am facing a problem in log collection from the primary server. The ACS secondary server is not collecting any logs from the primary.
I'm using ACS 5.4p2 within distributed systems: one primary and one secondary instance. For now, primary instance is acting as Log Collector server and I can see any AAA audit logs.
When the primary instance fails I can authenticate successfully using the secondary instance. However, when primary instance comes back, I'm not able to see any audit logs operated by secondary.
We are currently using Cisco ACS 5.3.0.40.2. One of the Services Selection Policy it hosts is:
1) Receive Authentication request from a wireless controller for a wireless user
2) If the wireless user's username contains a particular domain suffix, the request is proxied to an external proxy server using an External Proxy service (configured for both local/remote accounting)
3) On receiving an Access-Accept from the external proxy, the user is given access and ACS 5 will start logging account packets for the username (nothing appears in the RADIUS authentication logs - ACS 5 it seems doesn't log proxied authentication requests)
The above setup works fine in most instances. We start to have problems when an external proxy server strips the domain suffix off the username in the Access-Accept packet e.g.
1) ACS 5 proxies an Access-Request to an external proxy server (with Username = someuser@somwhere.com)
2) The external proxy replies with an Access-Accept (with Username = someuser)
3) The user 'someuser' is given access but subsequent accounting attempts fail because their username (without the domain suffix) doesn't match the Service Selection Policy
Is there any way to get ACS 5.3 to log proxied authentication requests? If not, can I configure ACS 5.3 to use the username in the Access-Request packet (rather than the username in the Access-Accept packet) for accounting?
How to delete the accounting/authorization Reports or logs?
I am having trouble viewing all the Administration logs in ACS View. I have my Local Log Target set to a Maximum log retention period of 90 days. In ACS View I can display authentications that go back 90 days+. However, when I try to display the "ACS_Configuration_Audit" in View and perform a Custom query that goes back 90 days, it will only display about 35 days of Admin logs. I know the logs are there because when I go into CLI and do a search like "show logging | i "ObjectType=Administrator Account" the Administration logs go back over a year. Why can ACS View not display all the Admin logs? The ACS is running v5.1.0.44 Patch 6 (also experiencing this in a v5.2 ACS as well).
ACS 4.2 and remote agent were working properly two months ago. But in the past two months we are facing a weird issue in the RA server. For some days we are missing logs from both the ACS and RA server. Once we notice this we restart the services in ACS as a workaround. But due to this we lose our daily logs intermittently and face risk in not having logs. It is not that communication between ACS and RA is not happening at all. It happens properly for a week or month, but then it goes bad again without any config change. The CSAgent.ini file is properly configured. Full version is 4.2.1.15 and patch is 10 in ACS and RA. ACS and Remote Agent Major and Patch versions are the same.
I'm having a weird issue with static routing on the company's Cisco Router. Essentially nothing is being passed through from what I can tell. I'm unable to remote in or even email the exchange server; it's all blocked.
My Current Config
Building configuration...
Current configuration : 5327 bytes
!
! Last configuration change at 06:05:36 Sydney Tue Nov 27 2012
! NVRAM config last updated at 06:05:53 Sydney Tue Nov 27 2012
! NVRAM config last updated at 06:05:53 Sydney Tue Nov 27 2012
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no
[code] ........
I am looking to find a command or counter to tell me if a Cisco switch port on a 4510 was ever up and passed traffic. I want to shut down all unused switchports on our access switches. But before I do that I need to make sure the device is not just off or the person is away on vacation. If I do sh int interface, is there a counter I can reference?
How to turn off these logs?
*Mar 2 13:26:07.919: %SEC-6-IPACCESSLOGP: list 101 denied udp 79.2.199.68(57143) -> x.x.x.x (34803), 1 packet
Router#
*Mar 2 13:26:09.766: %SEC-6-IPACCESSLOGP: list 101 denied tcp 108.15.116.235(63864) -> x.x.x.x (34803), 1 packet
Router#
*Mar 2 13:26:11.276: %SEC-6-IPACCESSLOGP: list 101 denied udp 24.130.2.212(26935) -> x.x.x.x (34803), 1 packet
I cannot read ACS 5.3 logs from my WCS. I have the ACS server added to the WCS. Below is the message I'm getting:
Unable to connect to any ACS View Server. Failed to access the WSDL at: { URL}. It failed with: {URL}.
Do I need to install any special module on the ACS to support this?
I have a question about VPN Concentrator FTP Backup configuration to get logs on an FTP server. I have configured FTP Backup with all details but I still do not see any logs on the FTP server. Do you know what could be the issue? I have never used a Concentrator and am not sure what needs to be done to get it in working condition. I am using VPN Concentrator 3015 series.
I am running two ASA 5520 routers synched up with each other. I had a massive connectivity issue this weekend that I am investigating. Now I have figured out how to get the live logging but I need to know how to get the old logs from my router.
There was an interface down in one of the critical devices in the network. That particular log is not captured by the ciscoworks (DFM-alerts).
My iphone started resetting the connection every 2 minutes today. I noticed that the date maximum is Dec 31, 2012. My logs are getting messed up, and NTP isn't setting. Is there a firmware update for REV E3?? I'm at 5.10 right now.
I want to secure our WLAN via Web Authentication with our new Cisco 2504 WLC. But where do I find user activity logs?
I have hardware version 2 and firmware 3.0.2.01 (latest firmware available for this hardware version I believe) and I cannot get it to email me logs. I have entered my outlook address and our SMTP server. The log says that it's failing each time it attempts. I have scoured the internet and I cannot find a solution that will work for me. I have found some talk of adjusting an MTU setting which is supposed to be located under the firewall / general tab.
I have turned on 'Local log' and 'output blocking event log' on my WRVS4400N v2 with latest fw. When I click the 'view log' button I can't see anything in the empty fields. When I try to change the logs genre I have empty fields all the time.
I am using a 2851 router in an MPLS network. We had a power shutdown activity recently and after that I could not find any logs in the router.
I am trying to set up logging on my router. I want to use my gmail account / gmail SMTP server to send emails.
Does the router support TLS for SMTP?
Oh - and I also get the "critical error" page. I get it when I try to un-check the send logs checkbox in the remote logging management page.
I have a 5508 wireless LAN controller. We have two SSIDs configured, Profile Name: Corporate and Guest. When I go look at the Most Recent Traps all I see is Client with Mac address blah has joined your corporate; this goes on for some time. But I am unable to see any of the Guest logs joining the network. I have since then grabbed my laptop and connected to the guest log. I still don't see any logs in Most Recent Traps for the Guest SSID WLAN configuration. I then blocked my Mac address and tried to connect again: no logs. I need to also monitor the guest network; is there some special tick box I need to apply for this to work? Once the guest is connected I can view them in the clients list, but it never shows them in MOST RECENT TRAPS, but I want to see the guest accounts connecting or failing to connect as we currently have a rogue device annoying me.
What is the meaning of the following log messages on Cisco 7604 Core routers? The Core router is configured with 2 STM card configurations with Vlan assignments: [code]
We are using almost 10 Nexus 5k in our DC. Currently we are getting the same error logs in all Nexus 5k: "ntpd[4746]: ntp:time reset +0.279670 s". Is it a major error or just for time reset?
I am receiving traceback logs in the 881G with 3G module. And after reload, the router is going to Initial Config. mode. What is the latest IOS?
Current IOS I am using is c880data-universalk9-mz.151-1.T3.bin. Any better IOS for complete efficient use of the PCEX-HSPA-G Module?