LMS 3.0 and ACS 4.1.3p2 integration question

Unanswered Question

Part of the LMS 3.0 functionality is to see the integrated AAA server logs, but I don't use remote logging because of its propensity to block and hang. I use 5 AAA servers georgraphically distributed. I know with 2.5.1 I'd only see one servers logs and only if I were using centralized remote logging on the server I integrated the system with would I see all the log file entries. Does this still hold true ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Joe Clarke Sat, 07/28/2007 - 17:15

I'm not sure I understand what you're asking. Are you referring to logging on the ACS? There have been some changes with the way LMS integrates with ACS in 3.0, but nothing that would affect ACS logging. Basically, we now use a single connection to do all of the integration steps. This helps avoid an exhaustion of ACS admin ports.

Joe Clarke Sat, 07/28/2007 - 22:26

I know of no where in LMS where you can view the ACS logs. LMS has its own audit logs, but those are separate from the accounting logs on ACS. But maybe we're not on the same page. To which specific logs do you refer?

Ok, I've taken the time to go dig up the link:


Viewing Audit Logs

Audit Logs track system activities that occur within CiscoWorks Common Services client applications. Each client application determines what specific activities are logged; however, the following types of activities are typically logged by all client applications:

User Login?A log entry is made each time a user logs in to a client application.

User Logout?A log entry is made each time a user logs out of or shuts down a client application.

Activity State Change?A log entry is made for each create, open, close, submit, and undo activity that occurs in a client application.

Authorized Commands?A log entry is made each time a user performs an operation that requires authorization in a client application.

Wizard Completion?A log entry is made each time a wizard is used and finished in a client application.

Activities specific to CiscoWorks Common Services are not logged in Audit Logs. Activities such as backups and restores are logged separately.

Audit Logs are stored as comma-separated value lists (CSVs). If you are using local authentication, the files are stored on the local server. If you are using ACS authentication, the files are stored on the ACS server and you can view them from within both ACS and CiscoWorks Common Services.

Since I use 4 active (master-slave-slave-slave)CiscoSecure ACS servers to authenticate without remote logging, the logs will only be present on 1 (one) of the boxes. For redundancy, capacity, and geographic latency reasons I won't point every one of my 6 ciscoworks servers to the same AAA server, I will however provide the identical authentication mechanisim in a distributed fashion. The functionality described in the link will only be localized and will not reflect a total viewpoint of whats occuring across the network. I'll have to provide that using the AAA reporting suite which automatically gathers all the logs from all the AAA servers. This would be a blind spot for the new Cisco Network Assistant.

Joe Clarke Sun, 07/29/2007 - 15:17

Ah, okay, these are the audit logs that I referred to previously. I'm not sure why it says these are stored on ACS. Yes, ACS will keep a record of these same activities, but you should be able to find them on the LMS server as well under NMSROOT/MDC/log/audit (even on LMS 2.5 and 2.6).

These same logs are also viewable in the GUI under Common Services > Server > Reports > Audit Log.


This Discussion