
LMS 3.0 and ACS 4.1.3p2 integration question

akemp
Level 5

Part of the LMS 3.0 functionality is to see the integrated AAA server logs, but I don't use remote logging because of its propensity to block and hang. I use 5 AAA servers geographically distributed. I know with 2.5.1 I'd only see one server's logs and only if I were using centralized remote logging on the server I integrated the system with would I see all the log file entries. Does this still hold true?

7 Replies

akemp
Level 5

Ahh, I guess I'll discover the answer myself, my LMS 3.0 DVDs arrived today :)

Joe Clarke
Cisco Employee

I'm not sure I understand what you're asking. Are you referring to logging on the ACS? There have been some changes with the way LMS integrates with ACS in 3.0, but nothing that would affect ACS logging. Basically, we now use a single connection to do all of the integration steps. This helps avoid an exhaustion of ACS admin ports.

I was referring to the ability to review some of the ACS logs from within LMS. It's kind of a moot point because if you use centralized logging (remote logging to a single AAA server) you run the risk of service blocking that will take down the AAA server if the message is not accepted at the remote end.

I know of nowhere in LMS where you can view the ACS logs. LMS has its own audit logs, but those are separate from the accounting logs on ACS. But maybe we're not on the same page. To which specific logs do you refer?

Ok, I've taken the time to go dig up the link:

http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_user_guide_chapter09186a00800e6e91.html#xtocid5

Viewing Audit Logs

Audit Logs track system activities that occur within CiscoWorks Common Services client applications. Each client application determines what specific activities are logged; however, the following types of activities are typically logged by all client applications:

User Login: A log entry is made each time a user logs in to a client application.

User Logout: A log entry is made each time a user logs out of or shuts down a client application.

Activity State Change: A log entry is made for each create, open, close, submit, and undo activity that occurs in a client application.

Authorized Commands: A log entry is made each time a user performs an operation that requires authorization in a client application.

Wizard Completion: A log entry is made each time a wizard is used and finished in a client application.

Activities specific to CiscoWorks Common Services are not logged in Audit Logs. Activities such as backups and restores are logged separately.

Audit Logs are stored as comma-separated value lists (CSVs). If you are using local authentication, the files are stored on the local server. If you are using ACS authentication, the files are stored on the ACS server and you can view them from within both ACS and CiscoWorks Common Services.

Since I use 4 active (master-slave-slave-slave) CiscoSecure ACS servers to authenticate without remote logging, the logs will only be present on 1 (one) of the boxes. For redundancy, capacity, and geographic latency reasons I won't point every one of my 6 CiscoWorks servers to the same AAA server; I will, however, provide the identical authentication mechanism in a distributed fashion. The functionality described in the link will only be localized and will not reflect a total viewpoint of what's occurring across the network. I'll have to provide that using the AAA reporting suite, which automatically gathers all the logs from all the AAA servers. This would be a blind spot for the new Cisco Network Assistant.

Ah, okay, these are the audit logs that I referred to previously. I'm not sure why it says these are stored on ACS. Yes, ACS will keep a record of these same activities, but you should be able to find them on the LMS server as well under NMSROOT/MDC/log/audit (even on LMS 2.5 and 2.6).

These same logs are also viewable in the GUI under Common Services > Server > Reports > Audit Log.

It's all about accountability for auditing purposes.
