AAA Report

Answered Question
Jan 28th, 2010
User Badges:

I have Cisco ACS 4.1.3 , in which I have configured Downloadable ACL for different users. I wanted to know how can I get a report that shows User X has Downloadable ACL "A" , user Y has ACL B and so on.


Regards

Correct Answer by Jagdeep Gambhir about 7 years 1 month ago

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

Hi Yousuf,

Please go to ACS--> System config-->Logging->Passed authentication-->Config->Drag DACL to Logged attributes-> Submit.


Click Up or Down to move the column for this attribute to the desired position in the log. Repeat until all the desired attributes are in the desired position in the Logged Attributes column

Regards,

~JG

Do rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Correct Answer
Jagdeep Gambhir Thu, 01/28/2010 - 06:37
User Badges:
  • Red, 2250 points or more

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

Hi Yousuf,

Please go to ACS--> System config-->Logging->Passed authentication-->Config->Drag DACL to Logged attributes-> Submit.


Click Up or Down to move the column for this attribute to the desired position in the log. Repeat until all the desired attributes are in the desired position in the Logged Attributes column

Regards,

~JG

Do rate helpful posts

darpotter Thu, 01/28/2010 - 06:39
User Badges:
  • Silver, 250 points or more

AFAIK there is nothing available today that can produce the report you require, however....


With extraxi aaa-reports! we have the ability to import the ACS user/group database to report on many aspects of the database. Right not we dont have a report on Downloadable ACLs, but if you wish to tell us more about your requirement (via our contact page on extraxi.com) its quite possible we could get it added quite quickly.


If the per-group/user values are present aaa-reports! will already see them and its a matter of exposing them in a report or our point and click query builder.


Of course, you can (as the other posted noted) see what ACLs were assigned to sessions via the passed authentications log, but if your requirement is about policy audit you'll need to report on the database. If you have multiple ACS servers we can import all the logs from them for consolidated reporting too!


60 day free trial available from http://www.extrax.com


Best wishes

Darran

Jatin Katyal Thu, 01/28/2010 - 07:09
User Badges:
  • Cisco Employee,

Yousuf,


You can also refer RDS logs to get detailed information for any user. You would see many attributes in the radius packet along with the DACL being downloaded and applied for a user.


In ACS windows, you can find RDS logs under ACS install directory and In ACS SE you need to generate package.cab file.


HTH

Regards,

JK


Plz rate helpful posts-

Actions

This Discussion