Syslog configuration in Cisco ACS 5.2.0.26

Unanswered Question
Feb 19th, 2012

Hi All ,

I want send ACS logs to a syslog server .I have configured syslog under  System Administration --> Configuration -->Remote Log Targets .

Name : Syslog Server

IP     : x.x.x.x

Port : 514

Facility Code:Local 6

Maximum length :1024

I have open the respective ports also in firewall .

But Syslog server is not getting any logs from ACS .

I have another log target ,which is ACS secondary server to collect the log from primary and secondary with below config.whch is working fine

Name :Logcollector

IP     : x.x.x.x

Port : 20514

Facility Code:Local 6

Maximum length :1024

Kindly Advice ..

Thanks ,

Sandeep

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
dancicioiu Sun, 02/19/2012 - 03:05

Hi ,

Look at the ports. First one is 514 , the second is 20514.

Dan

sandeep.tk Sun, 02/19/2012 - 04:55

HI ,

Port - Port to which the syslog server listens. The default is 514. The value can be from 1 to 65535.

Regards ,

dancicioiu Sun, 02/19/2012 - 05:25

If I understood well , the syslog server has the port changed from 514 to 20514 , right ?

Dan

jrabinow Sun, 02/19/2012 - 13:46

After adding a new log traget you need to select the log categories that will be sent to that log target

Go to

System Administration > Configuration > Log Configuration > Logging Categories > Global

Click on a category: eg Passed Authentications

Select remote Syslog tab. If want to send messages in this category to the new log target then select the log target in the list of "Select Targets"

Note this GUI is hierarchical, so if make a change for example to "AAA Audit" it applies to both "Failed Attempts' and "Passed Authentications" category

sandeep.tk Sun, 02/19/2012 - 23:12

Hi

Thanks for your reply .I have already done the above configuration .Still syslog is not getting logs .

Logs from the ACS is reaching to log collector of syslog server .there is some problem with log fromat it seems .

Kindly advice do we need to do any other configurations ,other than the above .

Thanks & Regards ,

Sandeep

jrabinow Sun, 02/19/2012 - 23:20

There is no further configuration required. You mentioned that logs are reaching the log collector of syslog server. I do not know what format issues you are seeing

sandeep.tk Mon, 02/20/2012 - 01:20

The  logs receiving is not in proper format .unable to understand the details in logs .Please find the below example

"Feb 20 12:48:40 ACS0   CSCOacs_Passed_Authentications: 0000412469 3 0 2012-02-20 12:48:40.225 +04:00 0188387558 5200 NOTICE Passed-Authentication: Authentication succeeded, ACSVersion=acs-5.2.0.26-B.3075, ConfigVersionId=868, Device IP Address=x.x.x.x, UserName=frad.cole, Protocol=Radius, RequestLatency=24, NetworkDeviceName=dxb-palmj-pop-s93-bds1a, User-Name=frad.cole, NAS-IP-Address=x.x.x.x, NAS-Port=0, Service-Type=Administrative, Framed-Protocol=X.75 Synchronous, Framed-IP-Address=x.x.x.x, Login-IP-Host=x.x.x.x, NAS-Identifier=Dxb-PalmJ-POP-S93-BDS-1A, NAS-Port-Type=-1, NAS-Port-Id=slot=0\;subslot=0\;port=0\;vlanid=0, AcsSessionID=OACS0/109447559/11612656, AuthenticationIdentityStore=AD1, AuthenticationMethod=PAP_ASCII, SelectedAccessService=Radius Rules, SelectedAuthorizationProfiles=JUNIPER-Activation-Ent, SelectedAuthorizationProfiles=Radius-CiscoAVPair-lvl-1, IdentityGroup=IdentityGroup:All Groups:Migrated_Group:Enterprise-Activation, Step=11001 "

Is there any other setting to get the logs in proper fromat .

Do we need to change the "Facility Code:Local 6" to some other values .

Kindly advice .

Actions

Login or Register to take actions

This Discussion

Posted February 19, 2012 at 3:01 AM
Stats:
Replies:7 Avg. Rating:5
Views:1765 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard