Last login attempt of a user in TACACS+

Unanswered Question
Apr 10th, 2008


I would like to know about any existing procedure to know when a user attempted to login using TACACS+ in the ACS server reports.

In brief, I want to know if there is any feature or option in CiscoSecure ACS to know when a user attempted to login? The administration reports, passed authentication reports are all available but on a daily basis which is very cumbersome to select them and then find for this particular user.

Thanks in advance,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rochopra Wed, 04/16/2008 - 07:41

configure aaa accounting for exec sessions to tacacs on the devices which are getting authenticated to tacacs, that will populate logs in tacacs accounting and will let you know the user got authenticated to tacacs.

: Rohit

clausonna Wed, 04/16/2008 - 17:44

ACS reporting is horrid. Your best bet is a 3rd party app called aaa-reports! from extraxi. You 2nd best bet is to write your own app to pull .CSV logs into a database like MS Access and then parse from there. I was headed down the 2nd path before I tried out aaa-reports, and while the reports aren't that fancy, the importing is flawless and the query engine is fantastic. You can run "group by" queries and aggregate on things you never could via the native interface or Excel. I have two ACS appliances so trying to pull logs from both boxes is nearly impossible. (well, possible, but time consuming!). A fully-functionaly, time limited (90 days?) version is available on their site.

The best part is the guys that wrote it used to work in the ACS group at Cisco, and they know their stuff.

Disclaimer: I have no relationship to extraxi; I'm not even a customer yet. But I have been beta-testing a enterprise version of the product and can't really see how I can live without it going forward. Also, AFAIK there are no competing products in this space, either for $$ or free/open-source. If you find anything please let us know.


This Discussion