cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
521
Views
3
Helpful
3
Replies

AAA Report

I have Cisco ACS 4.1.3 , in which I have configured Downloadable ACL for different users. I wanted to know how can I get a report that shows User X has Downloadable ACL "A" , user Y has ACL B and so on.

Regards

1 Accepted Solution

Accepted Solutions

Jagdeep Gambhir
Level 10
Level 10

Hi Yousuf,

Please go to ACS--> System config-->Logging->Passed authentication-->Config->Drag DACL to Logged attributes-> Submit.

Click Up or Down to move the column for this attribute to the desired position in the log. Repeat until all the desired attributes are in the desired position in the Logged Attributes column

Regards,

~JG

Do rate helpful posts

View solution in original post

3 Replies 3

Jagdeep Gambhir
Level 10
Level 10

Hi Yousuf,

Please go to ACS--> System config-->Logging->Passed authentication-->Config->Drag DACL to Logged attributes-> Submit.

Click Up or Down to move the column for this attribute to the desired position in the log. Repeat until all the desired attributes are in the desired position in the Logged Attributes column

Regards,

~JG

Do rate helpful posts

darpotter
Level 5
Level 5

AFAIK there is nothing available today that can produce the report you require, however....

With extraxi aaa-reports! we have the ability to import the ACS user/group database to report on many aspects of the database. Right not we dont have a report on Downloadable ACLs, but if you wish to tell us more about your requirement (via our contact page on extraxi.com) its quite possible we could get it added quite quickly.

If the per-group/user values are present aaa-reports! will already see them and its a matter of exposing them in a report or our point and click query builder.

Of course, you can (as the other posted noted) see what ACLs were assigned to sessions via the passed authentications log, but if your requirement is about policy audit you'll need to report on the database. If you have multiple ACS servers we can import all the logs from them for consolidated reporting too!

60 day free trial available from http://www.extrax.com

Best wishes

Darran

Yousuf,


You can also refer RDS logs to get detailed information for any user. You would see many attributes in the radius packet along with the DACL being downloaded and applied for a user.


In ACS windows, you can find RDS logs under ACS install directory and In ACS SE you need to generate package.cab file.


HTH

Regards,

JK


Plz rate helpful posts-

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: