Passed Authentication Logs on ACS 4113 SE appliance

Similar Messages

• Cisco ACS Appliance and Passed Authentication Logs

  I'm seeing something on our ACS appliance logs that looks kind of odd (but it is working fine).
  When I look at the "Passed Authentication" logs, the users seem to show up about 3 time a minute (each). Maybe I am missing something, but this seems like some type of over-reporting.
  Any ideas why this would be happening? I'm probably missing something obvious, but since I'm new to this I can't find the problem.
  Thanks for any suggestions!

  What version of CSACS are you running? Has this just started happening, or was the problem just identified? It could be a performance issue if in fact everything was reauthenticating every 20 sec. Are all your devices showing up, or just wired or wireless? It could be a slight misconfiguration that could be hard to find. If you have the capability, you might want to capture the traffic going to your CSACS server to see if the authentications are actually happening, or like you mentioned...just reporting issues. I ope this helps.

• ACS PASSED AUTHENTICATION LOG

  Hi
  I am trying to export my passed/failed authentication log to MS-EXCEL . Since my log in acs is huge MS-EXCEL has a restriction on the number of rows and columns. How do i delete the old logs and have the logs between specified dates.
  Or is there any other mechanism so that i can open this log file in .csv format without truncating the content of the log file.
  Any help is appreciated
  Thanks in advance

  There are utilities about that allow you to split a file into a series of files but only containing N lines.
  Alternativly have you looked at AAA Reports from Extraxi, that allows you to do a whole host of reports and handles all the issues of archiving and management of the data.

• EAP-TLS + CA MICROSOFT + ACS 3.2 APPLIANCE = Problem

  I have a Wireless Lan platform composed by equipment Access Points Cisco 1100 with ACS 3,1 and CA Microsoft.The security scheme is EAP-TLS (certificates).This architecture was completely functional. The problem took place when replacing the ACS 3,1 by the ACS 3,2 APPLIANCE, for which new certificates they were emitted by the CA of the infrastructure. The problem appears when a wireless client tries to connect to the wireless network,without obtaining the objective ,being in a state of "trying to authenticate" in networks adapters, in addition the ACS Logs appear the following message "NAS duplicated authentication attempt".
  If somebody knows the reason of this problem, can be contacted to my mail ([email protected]).

  A hint i could give you that in such a scenario you need an Trusted boundary between the ACS Appliance and the MS AD/PDC. This we be realized trough an PC/Host who is a regitered member or user of the AD/PDC. This relay Computer then communicates with the MS CA. The SW that Cisco Provides is the Cisco Secure ACS Agent. Hope this helps as we found the same problem in leap authentication as the ACS Appliance could not be set into a AD/PDC Domain. This has to be realized trough this smal piece of SW installed on an PC/Host etc. wich is a active AD/PDC Member.

• ACS 5.2 appliance cli access

  Hi~
  Could you please tell me how can I make user access for CLI (shell) on ACS appliance by means of WEB GUI. The point is that I have ACSAdmin as well as another administrator role users, but can't get access to appliance through SSH (Permission denied (publickey,password,keyboard-interactive).). I need to troubleshoot RADIUS requests from my APC Networc Management Cards, by means of some sort of tcpdump, becouse I dont get any logs in ACS from APC cards.

  then either you need to enable more detailed logging on the ACS applicance
  How can I do this?
  or the RADIUS requests from the APC cards aren't reaching the ACS applicance
  This is what I'm trying to find out.
  Are there any firewalls, etc between the two devices that might be blocking RADIUS packets?
  No man, there is a clear IP connectivity between, but problem is that I can't troubleshoot RADIUS requests/replies on this part of transmission nor from APC side neither from ACS. I check all possible log records in "Monitoring and Reports" tab, but didn't find any request from APC devices.
  Also, if you have any configuration examples for APC (APC9630) devices RADIUS authentication by ACS 5.2 will be appreciated for the information. I have followed this  howto to configure VSA and apply policy, but still it doesn't work. I just want to verify are the RADIUS requests reach ACS or not.
  Thank you.

• ESA Authentication Log

  Hi all,
  We have two IronPort Email Security Appliances and one Management Security Appliance.  I just took a look at the authentication log on one of my ESAs and I saw that the user "smaduser" was connecting from the MSA every few seconds.  This makes sense - the MSA has to check for message tracking information, etc. - but it makes the signal/noise ratio in the log extremely high.  Is there any way to keep the ESA from logging this normal activity or would we have to filter it out after FTP'ing the log from the device?
  Thanks,
  - Steve

  Hi Steve,
  you can try changing the log level of the authentication log by running the command logconfig on the CLI. Select EDIT and the authentication log file. The log level will be most likely 3 Information. You can try chaning it to 2 Warning and see if that helps.
  Log level:
  1. Critical
  2. Warning
  3. Information
  4. Debug
  5. Trace
  Otherwise you will need to filter it out once downloaded from the appliance.
  Regards,
  Enrico

• Customizing header links in wiki while passing authentication.

  I'm trying to add a few new different headers to the page to services running outside of the wiki, but passing off authentication to them of the currently logged in user. I'm specifically trying to do this for roundcube and crushftp's web interfaces. From digging through the folders of the wiki, it seems like how they get the images that make up the header is from referencing a gif or jpg that tells it what pixels to display in the header from the image. That's not extremely difficult to me, but, the passing authentication and having it display in the body to the services is.
  I'm aware of roundcube having some plugins for this purpose, but unsure of how to implement them not knowing what kind of authentication is being used already for the wiki. As for crushftp's web interface i'm more in the dark as far as how to make this work.
  I did notice a reference in wikid.conf to "apple_utilities.Authentication.WikiAuthenticationProvider" for "authenticationProvider", but im not sure what type of authentication is taking place.
  Any ideas? Any help would be greatly appreciated.

  Thanks every one for your valuable solutions.
  Issue is Solved by unchecking the flag.
  wa_header-INV_TRAN = 'X'.
  Thanks & Regards,
  Ramjee.

• Unable to register a secondary ACS 5.2 appliance

  Hello,
       I have installed 2 ACS 5.2 appliances, the two appear as Primary. When I try to register one of them with the other one using "System Administrator -> Local Operation -> Deployment Operations" I get the following message:
  This System Failure occurred:  Unable to authenticate with node.. Your changes have not been saved.Click OK to return to the list page.
  I have tried with both "ACSAdmin" and "admin" users with their respective passwords.
  Am I doing anything wrong?
  Is there any LOG I can check to troubleshoot this?
  Thanks a lot!!!
  Regards,
  Julio

  I finally found the problem. I was using admin user (super user priviledges). I created another user with all permissions and it worked.
  Thanks a lot.

• Remote Logging for ACS

  I am testing remote logging in ACS. Is it by design that logging from all ACS appliances goes to the same files configured by the Configuration Provider? Whatever is specified in the other ACS appliances is ignored and all entries from all appliances end up being logged to the same file.
  Just would like confirmation. Thanks.

  Hi
  There are some real problems with remote logging:
  1) Requires a dedicated server to receive logs
  2) Not all logs are supported
  3) Constant increased traffic over WAN
  4) Added CPU burden on each ACS
  5) Increased latency in AAA responses from ACS
  Take a look at CSVSYNC. Its our answer to all these issues. A simple CLI driven .exe that can connect via HTTP(s) to any number of ACSs (software and appliace) and pull down *all* csv logs.
  It can be scheduled and scripted to run at quiet times.
  Regards
  Darran
  www.extraxi.com/utils.htm

• How to pass authentication token with the request. Error in executing

  Hi,
  I am trying to do a service call.  This service is provided by a third party.  I used SOAP UI tester to test the service and it gives proper response for a request.
  I tried to create a client proxy and execute the method call, but it fails.  In SICF recorder, I found that the request that goes into the service does not contain the authentication token.  But in the SOAP UI tool when I input the WSDL file, it created a sample request, with authentication token in header section.
  But the proxy class generated in the system, contains a input structure, which does not have this authentication structure in it.
  Please guide me if there is any different method used to pass this authentication information.  The structure of authentication structure is
  <web:licenseKey>?</web:licenseKey>
          <web:password>?</web:password>
          <web:username>?</web:username>
  I thought that this authentication information should be given in settings of logical port.  But the logical port has only user name and password.  There is no place holder for License key.
  In summary: My query is that, there is no structure generated for SOAP header where I can pass authentication information, hence the request that goes into the service from SAP does not contain the authentication token.  This results in a error non-soap message/error type 500.
  Sample request that worked in SOAP UI tester is
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.smc.com">
     <soapenv:Header>
        <web:AuthenticationToken>
           <web:licenseKey>XYZA</web:licenseKey>
          <web:password>ABC123</web:password>
          <web:username>suresh<AT>gmail<DOT>com</web:username>
        </web:AuthenticationToken>
     </soapenv:Header>
     <soapenv:Body>
        <web:isReady/>
     </soapenv:Body>
  </soapenv:Envelope>
  The request that goes out of the SAP system does not contain, the AuthenticationToken part.
  Thanks and best regards,
  Suresh.

  You would need to write a webservice handler for your physical data service to implement the security.
  http://download.oracle.com/docs/cd/E13162_01/odsi/docs10gr3/datasrvc/How%20To%20Create%20SOAP%20Handlers%20for%20Imported%20WSDLs.html

• ACS v4.0 - Appliance vs. Server

  With the appliance coming into line with the server version of the ACS, what are the advantages of one over the other? I know the advantage to the engine is security hardened device. This doesn't matter to me. I want to know the advantages you have found and or the bugs you've found in one or the other.

  I would 2nd that... and I used to work in ACS dev.
  Appliances are great for simple things. ACS is primarily application software with a complicated set of interfaces that were not designed with appliancing in mind.
  When (if?) Cisco ever get around to re-architecting ACS then it may be different story.

• Change IP Address ACS 4.2 Appliance

  Hello,
  I have an ACS 4.2 Appliance integrated with AD and CA in Windows 2K3 both of then working OK and Remote Agent, but we want to change the IP Address of the ACS 4.2 Appliance, What is the procedure to do this? have i install the certified again? i know that certified depend of hostname and ip address.
  Thank You
  Álvaro

  Hello,I
  have an ACS 4.2 Appliance integrated with AD and CA in Windows 2K3 both
  of then working OK and Remote Agent, but we want to change the IP
  Address of the ACS 4.2 Appliance, What is the procedure to do this?
  have i install the certified again? i know that certified depend of
  hostname and ip address.Thank YouÁlvaro
  Hi Alvaro,
  Best take the  serial console of the ACS Appliance and type set ip and follow the procedure to change the ip address
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/admap.html
  Hope to Help !!
  Ganesh.H
  Remember to rate the helpful post

• Is it posible? two ACS 4.2 Appliance with the same remote agent

  Hello,
  I have a ACS 4.2 Appliance integrate with Active Directory, CA and Remote Agent, i want to agregate another ACS 4.2 Appliance with the same configuration, the same Active Directory, CA. my question is: can i configure the another ACS with the same Remote Agent of the first? in other words ...
  i attach the diagram.
  Thank you

  I have a
  ACS 4.2 Appliance integrate with Active Directory, CA and Remote Agent,
  i want to agregate another ACS 4.2 Appliance with the same
  configuration, the same Active Directory, CA. my question is: can i
  configure the another ACS with the same Remote Agent of the first? in
  other words ...i attach the diagram.Thank you
  Hi,
  Maximum number of appliances supported—While a single Cisco Secure ACS Remote Agent can provide services to many Cisco Secure ACS Appliances, support is limited to five concurrent connections by the appliances served. For example, if you have three appliances that are primary Cisco Secure ACSes and three appliances that are secondary Cisco Secure ACSes used for failover purposes only, the remote agent can provide services to all six appliances and stay below the maximum of five concurrent connections.
  http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_installation_and_configuration_guide_chapter09186a0080193aa1.html
  Hope to Help !!
  Ganesh.H
  Remember to rate the helpful post

• ACS 4.2 appliance external database configuration with AD

  Dear All,
  How to configure external database in ACS 4.2 appliance for Windows Active Directory.Active Directory is configured in Windows 2012.ACS internal database is working fine without interruption.What configuration is requred to configure external database(Active Directory).It would be highly appreciated if you share your experience with me.
  Thanks,
  AS

  Please check
  Supported Interoperable Devices and Software Tables for Cisco Secure ACS Release 4.2
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/device/guide/sdt42.html

• What does acs 4.1 appliance join a domain????

  Hi all!
  I'm first do acs 4.1, i have a problem as What does acs 4.1 appliance join a domain????
  I lab with acs 4.1 on window server 2003 is ok, but when work with acs 4.1 appliance, i don't know join domain for this appliance so not use window database
  I want setup window database but not successful
  Please help me !!!!!!!
  thanks very much

  Hi,
  Use ACS appliance remote agent:
  ACS SE remote agent installation guide:
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp41/rase41/index.htm
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/ra.html
  ACS SE RA:
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/LgsRpts.html#wp638135