Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA Report

I have Cisco ACS 4.1.3 , in which I have configured Downloadable ACL for different users. I wanted to know how can I get a report that shows User X has Downloadable ACL "A" , user Y has ACL B and so on.

Regards

1 ACCEPTED SOLUTION

Accepted Solutions

Re: AAA Report

Hi Yousuf,

Please go to ACS--> System config-->Logging->Passed authentication-->Config->Drag DACL to Logged attributes-> Submit.

Click Up or Down to move the column for this attribute to the desired position in the log. Repeat until all the desired attributes are in the desired position in the Logged Attributes column

Regards,

~JG

Do rate helpful posts

3 REPLIES

Re: AAA Report

Hi Yousuf,

Please go to ACS--> System config-->Logging->Passed authentication-->Config->Drag DACL to Logged attributes-> Submit.

Click Up or Down to move the column for this attribute to the desired position in the log. Repeat until all the desired attributes are in the desired position in the Logged Attributes column

Regards,

~JG

Do rate helpful posts

Silver

Re: AAA Report

AFAIK there is nothing available today that can produce the report you require, however....

With extraxi aaa-reports! we have the ability to import the ACS user/group database to report on many aspects of the database. Right not we dont have a report on Downloadable ACLs, but if you wish to tell us more about your requirement (via our contact page on extraxi.com) its quite possible we could get it added quite quickly.

If the per-group/user values are present aaa-reports! will already see them and its a matter of exposing them in a report or our point and click query builder.

Of course, you can (as the other posted noted) see what ACLs were assigned to sessions via the passed authentications log, but if your requirement is about policy audit you'll need to report on the database. If you have multiple ACS servers we can import all the logs from them for consolidated reporting too!

60 day free trial available from http://www.extrax.com

Best wishes

Darran

Cisco Employee

Re: AAA Report

Yousuf,


You can also refer RDS logs to get detailed information for any user. You would see many attributes in the radius packet along with the DACL being downloaded and applied for a user.


In ACS windows, you can find RDS logs under ACS install directory and In ACS SE you need to generate package.cab file.


HTH

Regards,

JK


Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
220
Views
3
Helpful
3
Replies
CreatePlease to create content