Problem with TACACS+ administration reports

Unanswered Question
Jan 5th, 2010

Hi,

I am using ACS V 4.1 .

Under reports and activity when i try to check for TACACS+ administration report the report is getting generated but there is no data avaliable in the report.

In the router side the AAA configuration is proper,

Please help in this issue..let me know if any info is required.

Thanks,

Krishna.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Ganesh Hariharan Wed, 01/06/2010 - 02:59

Hi,

Actually it is bug with ACS 4.1bug CSCsg97429

After upgrading to ACS 4.1, TACACS+ Command Accounting no longer works. No accounting records are visible in the TACACS+ Administration log (bug CSCsg97429).

Command accounting is configured on the Network Access Server (NAS). No records are visible in the TACACS+ Administration log file after entering commands on the NAS. Debugs on the NAS show the records being sent, and they do arrive at the ACS server; but, the appropriate log file is not updated.

The patch information resolves this issue.

Click this link if you are using ACS for Windows: http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-win-3des?psrtdcat20e2 and download:

•ACS-4.1.1.23-CSTacacs-SW-CSCsg97429.zip

•ACS-4.1.1.23-CSTacacs-SW-CSCsg97429-Readme.txt

Click this link if you are using ACS Solution Engine: http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2 and download:

applAcs_4.1.1.23_ACS-4.1-CSTacacs-CSCsg97429.zip

Hope this helps out your query !!

Regards

Ganesh.H

Muhammad Zubair Wed, 11/24/2010 - 23:09

Hi,

Provided link don't have that patch file. Do you know any alternative or have file?

Vinay Sharma Thu, 11/25/2010 - 02:03

Hi,

These patch files has been moved out from the location. the other option will be upgrading (which is minor) to ACS 4.1.4 with latest patch will fix this Bug.

thanks,

Vinay

Tiago Antunes Thu, 11/25/2010 - 02:59

Hi,

All the patches and sw releases are now under the download software section of the cisco web page.

http://www.cisco.com/cisco/software/navigator.html?a=a&i=rch.

Products > Security > Identity Management > Cisco Secure Access Control Server for ...

Select either Solution Engine or Windows and then the sw or patches you want o download.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

darpotter Mon, 01/11/2010 - 03:40

Once you get the T+ command accounting working, be sure to take a look at extraxi aaa-reports! We've got the most advanced reports for TACACS+ plus much more:

  • ACS log collection client (csvsync) - supports mixed ACS versions (sw & appl) plus scheduled "bulk" download over http(s)
  • ACS database import feature for advanced T+ Device Admin audit reports (who can/did do what/where? style reports) for SOX/COB IT
  • Canned and custom reports via built in point 'n' click query builder incl calculated fields, grouping, filtering
  • Report generation in PDF, XLS, CSV etc
  • Automated log collection, import & report generation - report batches emailed directly to recipients
  • Standard and Enterprise versions availble
  • Prices from $2250 for 2 ACS server solution
  • No risk free trial version available from http://www.extraxi.com

Actions

This Discussion