Lobby Ambassador - WCS Logging of Guest Account Creation

Unanswered Question
Apr 1st, 2009

Hello all,

If I am user "admin-ken" and I set up a guest user account "guestuser1" via the WCS controller templates > Guest User (which takes me into lobby ambassador), is there a log file that indicates that "admin-ken" had set up the "guestuser1" guest account?

Many thx indeed,

Kind regards,

Ken

rob.huffman Wed, 04/01/2009 - 06:53

Hi Ken,

Hope all is well :)

Maybe this is what you are looking for;

Logging the Lobby Ambassador Activities

The following activities are logged for each lobby ambassador account:

• Lobby ambassador login: WCS logs the authentication operation results for all users.

• Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.

• Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.

• Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the lifetime.

Follow these steps to view the lobby ambassador activities.

--------------------------------------------------------------------------------

Note: You must have superuser status to open this window.

--------------------------------------------------------------------------------

Step 1 Log into the Navigator or WCS user interface as an administrator.

Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.

Step 3 On the All Groups window, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.

This window enables you to view a list of lobby ambassador activities over time.

• User: User login name

• Operation: Type of operation audited

• Time: Time operation was audited

• Status: Success or failure

Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.

http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609

Hope this helps!

Rob

kfarrington Wed, 04/01/2009 - 07:23

Hi Rob,

I am well, thank you very much. Hope all is cool on your side of the fence :))

So having a look at the documentation provided, as you state, you look at the audit trail.

I don't see any audit trail for the groups at all? Maybe a config setting to enable audit trails?

Also, I omitted to mention, we are using TACACS for access to the WCS. From our TACACS servers a user is assigned to a group, either admin or lobby ambassador (to be honest, I don't look after TACACS, so maybe have to engage my network management team).

Would that be a problem, that we are using TACACS for authentication to the WCS?

We have two scenarios here:

A simple admin user, that is tasked with setting up a guest user, i.e. receptionist or secretary. They have a TACACS account set up so that when they log into the WCS, they go to the lobby ambassador page.

Secondly, we have the administrators that monitor the WCS 24x7 and they are in charge of setting up guest user accounts for out of hours, so when they log in to WCS, they get all the main pages for WCS admin control, but can use the Configure -> Controller Templates -> Guest Users. Otherwise, they would need two TACACS accounts, one for monitoring and one for lobby ambassador?

Does this sound reasonable?

Also as mentioned, do you need to enable audit trails?

Not sure how tacacs interacts with the WCS?

Many thx as always mate :))

Ken

kfarrington Wed, 04/01/2009 - 09:33

Hi All,

A snippet more of info on this.

As I am using TACACS to log into the WCS, when I am logged in and go to Administration > AAA > Active Sessions

you can see active sessions, i.e. me, and then get the audit trail (which has everything we need), but only when I am logged in.

So if a user was not logged into the WCS via TACACS, there is no way of getting the audit trail for that user.

Also, one would assume, that there would be a log on the system somewhere, so we can pull this data off when the user is not logged in?? The reason I say this, is that when I log in and my session is active, I see data for my username from a week ago in the audit trail, not just my current active session?

Many thx indeed,

Ken

kfarrington Fri, 04/03/2009 - 01:40

Hi Rob and all,

Another snippet of info here.

Our network management people have found a way.

If you use TACACS and the user is not logged in, we have found a way to get the audit trail.

https://WCSServer/webacs/auditTrailGeneralAction.do?command=list&isuser=true&name=admin-ken

Even if admin-ken is not logged in, it pulls the audit trail for admin-ken up.

As Rob says, this audit trail gives us everything we need.

One last question though:

Where is this information stored on the WCS server so we can pull it off, and can you configure the audit trail retention period (history) so we could have this info for three months or longer?

Many thx all,

Excellent stuff :)

Kind regards,

Ken

kfarrington Fri, 04/03/2009 - 02:59

Just found this

http://www.cisco.com/en/US/docs/wireless/wcs/5.0/configuration/guide/wcsmanag.html

It says

Note WCS keeps all Audit Trail records for up to 7 days. The nightly data cleanup task cleans all records which are older than 7 days.

Umm, would like to see if we can increase this? Or how to pull it off with an automatic download to another management station before the logs are overwritten?

Thoughts?

Many thx,

Ken
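One way to keep more than the 7 days WCS retains, shown as an added example that is not part of the original thread and is not Cisco code: merge each day's saved audit trail into a longer-lived archive, drop the overlap between pulls, and flag any interval long enough for the nightly cleanup to have deleted records that were never archived. The CSV layout (the four Audit Trail columns User, Operation, Time, Status), the timestamp format and the operation strings are assumptions; how the snapshot is saved from WCS is outside the example.

```python
import csv
import io
from datetime import datetime, timedelta

WCS_RETENTION = timedelta(days=7)       # per the WCS note quoted in the thread
ARCHIVE_RETENTION = timedelta(days=90)  # the "three months" asked for in the thread
TIME_FMT = "%Y-%m-%d %H:%M:%S"          # assumed timestamp format


def parse_snapshot(csv_text):
    """Turn one saved snapshot (assumed CSV layout) into
    (user, operation, time, status) tuples."""
    rows = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(r["Time"].strip(), TIME_FMT)
        rows.append((r["User"].strip(), r["Operation"].strip(),
                     when, r["Status"].strip()))
    return rows


def merge_snapshot(archive, snapshot, pulled_at, last_pull=None):
    """Merge a snapshot into the archive.

    Returns (new_archive, added_count, gap). Successive pulls overlap by
    several days, so rows are de-duplicated on all four fields (identical
    events in the same second collapse into one). gap is True when more
    than 7 days passed since the previous pull, meaning the cleanup task
    may have removed records before they were archived.
    """
    known = set(archive)
    fresh = set(snapshot) - known
    cutoff = pulled_at - ARCHIVE_RETENTION
    merged = sorted((row for row in known | fresh if row[2] >= cutoff),
                    key=lambda row: (row[2], row[0], row[1], row[3]))
    gap = last_pull is not None and (pulled_at - last_pull) > WCS_RETENTION
    return merged, len(fresh), gap


# Constructed sample snapshots (not real WCS output).
SNAP_DAY1 = """User,Operation,Time,Status
admin-ken,Login,2009-04-01 07:20:00,Success
admin-ken,Create guest user guestuser1,2009-04-01 07:23:00,Success
"""
SNAP_DAY2 = """User,Operation,Time,Status
admin-ken,Create guest user guestuser1,2009-04-01 07:23:00,Success
admin-ken,Delete guest user guestuser1,2009-04-02 09:00:00,Success
"""
```

A gap result of True means the archive cannot show that it is complete for that interval, which matters when the archive is kept for compliance.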

rob.huffman Fri, 04/03/2009 - 06:56

Hey Ken,

Sorry for the delay in getting back to you :) It looks like you have made some great progress here (+5 points for posting up your results). The one solution link is broken (can you please check for us?).

I just wanted you to have a look at this "canned" report;

WCS Guest Operations Report: Provides historical data including the time the event occurred, the guest user's name, the lobby ambassador operation (create, modify, or delete guest user), and the activity result (success or failure).

http://www.cisco.com/en/US/docs/wireless/wcs/5.2/configuration/guide/5_2reps.pdf

Cheers!

Rob

kfarrington Fri, 04/03/2009 - 07:06

Hi Rob,

Many thx for the kind words :))

I only have WCS version 4.2.62.11 so not sure that this is an option, as I cannot see Guest user reports under the reports title?

That's a real shame :(

I suppose I am still going to be looking at pulling this off manually, for compliance purposes, if I can find a way?

Great stuff, and thanks for the continued help mate :))

Kind regards,

Ken
