ACS AAA CSV log forwarding -how??

Unanswered Question
Oct 12th, 2008

I have an ACS v4.1 appliance. I basically want to create copies of all the AAA CSV logs to an ACS for Windows server. I can see how todo this if both are ACS fo Windows servers by using the Advanced Options>Remote Logging option and then defining the 2nd ACS as a AAA server on the first ACS. However, ACS appliance doesn't let you select a AAA server for remote logging. How do you get round this or is this not supported?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Loading.
Jagdeep Gambhir Mon, 10/13/2008 - 05:11

In appliance we can send those log to server where we have remote agent installed.

---> Here is the info about the way remote logging works in acs appliance.

In Solution Engine, A log file written into till it reaches 10 MB in size, Cisco Secure

ACS starts a new log file. Cisco Secure ACS retains the most recent 7 log files for each

CSV log. There is no option to create daily files in Solution Engine until we use Remote

Agent for Remote logging.That will give us an option for creating daily log files.

The links given below give details about the default logging and remote logging in

Solution Engine.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csa

pp33/user/r.htm#wp952081

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csa

pp33/user/r.htm#wp952361

Regards,

~JG

Do rate helpful posts

rcullum Mon, 10/13/2008 - 05:41

Sorry, but read my mail. I want to forward logs from an ACS appliance to another ACS for Windows server , not a server running remote agent.

Jagdeep Gambhir Mon, 10/13/2008 - 05:47

Please read my reply and check those links carefully. ACS appliance can only send logs to the server where we have remote agent installed.

So if you want to send logs to another acs for windows server you would need to install remote agent on that SERVER.

If you check those link , you would know what I am talking about :-)

rcullum Mon, 10/13/2008 - 08:24

Thanks. Yes, but I wanted to be able to view the remote agent logs as accounting logs in the ACS for Windows Server Web Interface as well. This I can do by default if forwarding from one ACS for Windows server to another. I have found that if I configure the ACS Appliance Agent Log path to match the ACS for Windows log path for all the CSV accounting logs, I can get the records to appear in the remote ACS for Windows Web UI. However, you then have the situation where both ACS Appliance and the ACS for Windows try to manage the same logs!!

rcullum Tue, 10/14/2008 - 00:59

I have since found that if I configure the ACS Appliance Agent Log path to match the ACS for Windows log path for all the CSV accounting logs, this stops the ACS for Windows CSLog service! So although I would see logs from the Remote Agent in the ACS for Windows UI, I no longer see logs generated by this ACS for Windows. So looks like I need a different CSV viewer for RA logs. Still not as neat as the Log forwarding available between ACS for Windows servers.

darpotter Tue, 10/14/2008 - 22:27

Just a thought, but on your SW ACS you could install extraxi csvsync to pull the logs from the appliance. If you configured it to put the downloaded logs into SW ACS Logs folder you'd see both sets using the ACS Admin.

You would need to use log renaming to avoid filename clashes.

http://www.extraxi.com/csvsync.htm

Actions

This Discussion