ACS Tacacs administration report Log Analyzer

Similar Messages

• No TACACS+ Administration Reports after upgrade to ACS 4.1

  Hi,
  I was running ACS 4.0 demo version. Everything was running fine.
  After upgrading and keeping the old configuration, I can't see logs in the TACACS+ Administration Reports. I kept the configurations on the router and switch the same, so I believe that the problem resides in the ACS software.
  I tested some debug, and it seems that the router is sending the command that is being typed to ACS.
  Here is the config I?m using:
  aaa new-model
  tacacs-server host 192.168.X.X key XXXXXXXXXXX
  aaa authentication login telnet group tacacs+ enable
  aaa authentication login console enable
  aaa authentication enable default group tacacs+ enable
  aaa accounting send stop-record authentication failure
  aaa accounting exec default start-stop group tacacs+
  aaa accounting commands 1 default start-stop group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  aaa accounting connection telnet start-stop group tacacs+
  line con 0
  authorization exec NO-AUTH
  login authentication console
  line vty 0 4
  authorization exec AUTH
  login authentication telnet
  aaa authorization exec AUTH group tacacs+ none
  aaa authorization config-commands
  aaa authorization exec NO-AUTH none
  aaa authorization commands 0 default group tacacs+ none
  aaa authorization commands 1 default group tacacs+ none
  aaa authorization commands 15 default group tacacs+ none

  Hi,
  This is a known issue, you need to apply patch ACS 4.1.1.23.5 to fix the issue.
  Patch for appliance is availble on
  http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des
  Patch name : ACS SE 4.1.1.23.5 accumulative patch
  Patch for acs windows is availble on
  http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
  Patch Name : ACS 4.1.1.23.5 accumulative patch
  That should fix the issue,
  Regards,
  Jagdeep
  Note: If that answers your question, then please mark this thread as resolved, so that others can benefit from it.

• Cisco ACS 4.2 TACACS+ Administration report - Help!

  we had some switches mysteriously reloaded.  Upon investigation, TACACS+ Administration report show no user login to the device, no command was issued, and the reason = reload.
  how could this happen?

  Guna,
  Tacacs+ Does not use VSAs.
  Radius uses VSAs.
  This is what I found online:
  http://198.152.212.23/css/P8/documents/100106731
  See if this helps.
  It has an example associated for server configuration.
  In ACS 4, you need to use the shell exec and priv-lvl=<value>.
  (Similar to Cisco IOS)
  Regards
  Ed

• TACACS Administration issue in Cisco ACS V4.1

  Hi,
  I am using Cisco Secure ACS V 4.1 for windows. When takingTACACS+  Administration report, report is not getting generated. I have come to know that this is a Bug in this version so as per the support forums they have suggested to update to ACS-4.1.1.23.Link which shows this is given below.
  https://supportforums.cisco.com/message/2015469;jsessionid=E5E34B6AE1216E24188E4712050285DC.node0
  For the same i have searched in cisco but this particular version is not present. enstead ACS 4.1.4.13 is present.
  Please let me know if i update ACS 4.1.4.13 will it resolve this TACACS+ administration report issue. else provide me the remedy to fix this issue.
  Thanks,
  Krishna.

  Krishna,
  That link does not have any full software listed, only patch are listed. This bug is fixed in ACS 4.1.1.23.5 accumulative patch which can be downloaded from that link.
  Incase you want to upgrade ACS, you need to open a TAC case to get the full software.
  Regards,
  ~JG
  Do rate helpful posts

• No TACACS+ Administration Logging on ACS

  I can get a csv file created for a TACACS+ Administration log/report [configured in Interface Logging of the ACS] but that log file is is empty. Help states that aaa accounting commands start-stop TACACS+ must appear in the access server or router configuration file in order to capture this day but my ASA 5520 will only allow;
  aaa accounting command <server group> or <privilege>.
  How do I get this ASA and Windows ACS to collect TACACS+ administration?
  Note: My TACACS+ accounting does collect data on users ssh into the ASA.

  It's quite possible that you might be experiencing a know bug ( CSCsg97429 ) in ACS version 4.1.
  Get this Patch: Acs-4.1.1.23.5-SW.zip. It fixes the TACACS+ Administration log/report problem.
  You rigth in regards to the command. It is needed for your NAS to send accounting information to the ACS.
  Here's an example of the commands:
  aaa accounting exec default start-stop group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  Hope it helps.

• Tacacs+ Administration log Auditing

  Hello ,
  I am working as internal Auditor in Bank and i am having doubts about something on the logs generated by TACAS+ looking for someone assist on this.
  My cocern is about Firewall changes which triggered on the Tacacs+ Administration, It shows you in terms of adding an IP address as Source to specifc group ( objects) as destination. What if I need more details about the destiation objects prviliages which I am adding this source to ,how can i identify these changes?

  Hi Mahmoud,
  You can send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI.
  To enable command accounting, enter the following command:
  hostname(config)# aaa accounting command [privilege level] server-tag
  and you do have this command in your configuration. Now if command accounting is not working in your case then you need to tell me what version of Cisco ACS are you running on, if it is ACS 4.1.1.23 then there is a defect that has been fixed in patc 5
  The issue that you are facing could be due to,
  CSCsg97429 - TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23.
  aaa-server AuthOutbound protocol tacacs+
  aaa authentication http console LOCAL
  aaa authentication enable console TACACS+
  aaa authentication serial console TACACS+
  aaa authentication ssh console TACACS+
  aaa authorization command TACACS+
  aaa accounting command TACACS+
  How to configure command accounting on ASA
  http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1059882
  Hope this helps.
  Let me know if you need further help on this.
  Regards,
  Jatin
  Do rate helpful posts~

• Log analyzer and reporter for Weblogic ?

  We are using Weblogic 6.1 as a web server (no proxy).
  Does anyone know of a good Web log analyzer for Weblogic 6.1 ?
  The analyzer would analyze the log of WLS and display various statistics graphically.
  Something like Webtrends or Analog for IIS, IPlanet and Apache servers.

  AlterWind LogAnalyzer http://www.alterwind.com/loganalyzer/ allows to
  analyse a log file of any format.
  "mucucu" <[email protected]> wrote in message news:<3dc2ec2d$[email protected]>...
  We are using Weblogic 6.1 as a web server (no proxy).
  Does anyone know of a good Web log analyzer for Weblogic 6.1 ?
  The analyzer would analyze the log of WLS and display various statistics graphically.
  Something like Webtrends or Analog for IIS, IPlanet and Apache servers.

• Correction for Daily Report Log Web Service

  In the August 29th iTunes U Administrator email, there was a mistake in the example for the Daily Report Log Web Service.
  The example showed:
  http://deimos.apple.com/WebObjects/Core.woa/API/GetDailyReportLogs/example.edu?S tartDate=2007-07-01&EndDate=2007-07-17&destination=example.edu&username=ADMIN&ac cesskeys=Administrator@urn:mace:itunesu.com:sites:example.edu&emailaddress=foo@b ar.com&displayname=test&expiration=1186086577&signature=4443ac48a8ae1a0c50dbfb35 f201b6d0db14b16d
  There are extraneous form value pairs in the above example. The POST form values required to get a daily report are:
  StartDate (EndDate is optional) - format YYYY-MM-DD
  credentials
  identity
  signature
  An example of a correct request:
  http://deimos.apple.com/WebObjects/Core.woa/API/GetDailyReportLogs/example.edu?S tartDate=2007-09-12&EndDate=2007-09-13&credentials=Administrator@urn:mace:itunes u.com:sites:example.edu&identity=%22JaneDoe%22+%3Cjdoe%40example.edu%3E+%28jdoe%29%5B42%5D&signature=38bda70d9aa6975ae8756754034feb6e3c794aca4b21665f6dc85d2ed42d4 f6b

  Currently displaying audit log reports in REST or API is not supported by Microsoft. SharePoint online in Office 365 just supports saving an audit log report as a Microsoft Excel 2012 Preview workbook.
  You can refer the following post :
  http://community.office365.com/en-us/f/172/t/164047.aspx

• Can not login to CiscoSecure ACS, all Administration ports are currently in

  I changed the administrator password but cannot longer log to the ACS. I get "Can not login to CiscoSecure ACS, all Administration ports are currently in use". The old password no longer works so i know it is not a password issue.

  Disregard!!!

• Log Analyzer in Portal SP 17

  Hi,
  where can I found the Log Analyzer in Portal with service stack 17? I can't find it in >> System administration >> Support >> Portal Runtime ?
  Is there any configuration necessary?
  Thanks for your answers.

  Hi Andreas,
  this is normal behaviour. The Log Viewer has been removed from the Portal since SPS16, I think. This is because of the fact that all monitoring related information shall be accessed in the NetWeaver Administrator. So for accessing the logs you have the following possibilities:
  - via NetWeaver Administrator: http://yourportal:port/nwa
  - via Visual Administrator: Log Viewer service
  - Standalone Log Viewer
  Best regards,
  Thomas

• Good Cisco VPN 3030 Log Analyzer

  I need your advice on VPN Conc log analyzer. I am using Kiwi Syslog Enterprise as syslog server. Does any body know or have a recommendation for a good VPN log analyzer that analyzes VPN logs and spit out a report?

  The RME Syslog Analyzer matches syslog messages with managed devices, so for a very large database (a very large number of devices in inventory), high CPU utilization can be expected for this process, even with a lower message rate. Also note that attempting to generate reports when the database insert rate is high and sustained is the worst case possible.

• Defacto Web Log Analyzer?

  Wondering if there's a defacto apache web log analyzer that most of you use for Mac OS X Server?
  Seems to be minimal simple options out there to just install and work. I'm not a Unix admin by any stretch, so something with a GUI or Web admin front end would be perfect.
  Cheers
  Brendan

  There is one one 'defacto' analyzer -- the one built into the traffic graphs of the SA.
  If you are instead asking what folks like to use, that varies greatly. You can run them yourself or use a 'service' such as Google.
  Here's a starter list for you to explore:
  Accrue Insight
  Analog
  AWstats
  FunnelWeb
  Sawmill
  Summary
  Urchin / Google Analytics
  Webalizer
  Wusage
  So explore all of those and report back here -- let us know what works best for you, and why.

• Web log analyzer

  Does anyone know of a decent free web log analyzer for the Mac. I don't need anything fancy but all the ones I've seen are for Windows. Thanks.
  powerbook G4 12   Mac OS X (10.4)  

  There is one one 'defacto' analyzer -- the one built into the traffic graphs of the SA.
  If you are instead asking what folks like to use, that varies greatly. You can run them yourself or use a 'service' such as Google.
  Here's a starter list for you to explore:
  Accrue Insight
  Analog
  AWstats
  FunnelWeb
  Sawmill
  Summary
  Urchin / Google Analytics
  Webalizer
  Wusage
  So explore all of those and report back here -- let us know what works best for you, and why.

• Report to analyze customer billings at G/L account level

  We need a report to analyze customer billings (generated in FI-A/R, not SD) at G/L account level.  There are couples of transactions/reports like S_ALR_87012171 that shown customer sales volumes but the figures include taxes.  We need it without taxes.  Are there any reports available in SAP to facilitate G/L level analysis for customer billings?
  S_ALR_87012171 u2013 G/L account is not one of the available characteristics in form 0SAPFD10-03.  Is it possible to add G/L account to the structure to make it an available characteristic?

  Dear,
  Use FBL3N, take customer reconciliation account GL and execute it in FBL3N. It will show you all billing done to customers to date alongwith their invoice and billing document number.
  Regards

• Cannot open Microsoft Office Mac 2011 after migrating to new computer. OS 10.9.1: Microsoft Error Reporting log version: 2.0  Error Signature: Exception: EXC_CRASH (SIGTRAP) Date/Time: 2014-01-19 23:31:24  0000 Application Name: Microsoft Word Application

  Got a new MacBook Pro and migrated my settings and applications from old computer. Reinstalled Microsooft Office from a disk, after I opened a document and it said I was missing some software components. Now when I open any office application, I get:
  Microsoft Error Reporting log version: 2.0
  Error Signature:
  Exception: EXC_CRASH (SIGTRAP)
  Date/Time: 2014-01-19 23:31:24 +0000
  Application Name: Microsoft Word
  Application Bundle ID: com.microsoft.Word
  Application Signature: MSWD
  Application Version: 14.3.9.131030
  Crashed Module Name: merp
  Crashed Module Version: 2.2.4.131030
  Crashed Module Offset: 0x00004422
  Blame Module Name: MicrosoftSetupUI
  Blame Module Version: 14.3.9.131030
  Blame Module Offset: 0x0000e516
  Application LCID: 1033
  Extra app info: Reg=en Loc=0x0409
  Crashed thread: 0

  Hi,
  Do you get the error message like "Office <Update version number> can't be installed on this disk. A version of the software required to install this update was not found on this volume. To learn how to fix it this issue, see "I can't install Office
  for Mac updates" at http://www.microsoft.com/mac/help.mspx."
  If it was, please follow the kb to fix the issue:
  http://support.microsoft.com/kb/969065/en-us
  Then, here is a forum for Office based on the Windows operation system, we are lack of the source about the Office for mac, you'd better post your question to Answers forum:
  http://answers.microsoft.com/en-us/mac/forum/macoffice2008?tab=Threads
  Regards,
  George Zhao
  TechNet Community Support