hi tarik,

thanks for ur reply

i want to know from where you got this information.Is there any documents releated to TACACS av/pairs and ACS own internal attributes.please mail me the docs on saurabh.saurabh015@gmail.com

i found some documents on TACACS av/pairs but the above attributes was not mentioned there.

i want the documents related to logging categories Authentication,TACACS + accounting,Administrative and operational audit.

i want to know about this line also....in AUthentication log

step=13005,step=15008,step=15004,....

what actually this sequence denotes and where i can find information on them?

Tarik Admani wrote:
Hi,
device ip address= a.b.c.d ip address of the network device that the user is requesting access to
user name=xyz username of the authentication request
protocol=TACACS The tacacs protocol
Request latency=0 latency based on the timestamp of the authentication event, and when it arrived to ACS
Network device Name=lab router Name that was configured in ACS
Type=Authentication User is requesting to authenticate
Action=login User is logging into the device
privilege-level=1 Current priv level of the authentication
Authen-type=ASCII Using PAP ascii for authentication (typical for tacacs)
Service=login Service type is login
User=xyz This is the username
port=tty6 port that the user is connected to
Remote address=v.x.y.z This is the ip address of the user work station
Username=xyz Username again
Acs Sessionid= This is usually seen in radius requests, not needed for tacacs
AuthenticationIdentityStore=Internal users The identity store that ACS used to authenticate the end user
Authentication method=PAP_ASCII PAP/ASCII for the authentication protocol (common for TACACS)
Selected Acess service=Default Device Admin This is the service selection rule matched in ACS
Selected shell profile=Enable This is the shell profile configured in ACS that the user matched against
Identity group=All groups:zales_admin_user This is the identity group that the user matched.
As you can see ACS uses a combination of the tacacs av/pairs along with its own internal attributes that you can assign to the end user in order to make decisions. You can combine attributes such as identity group of the user and the remote address to lock down a group of users from authentication to devices from a particular workstation...for example.
Let me know if that helps you.
Tarik Admani 
*Please rate helpful posts*

thanks,

saurabh sharma

Saurabh,

The steps are usually explained in the log as they are processed, if you look in the first column. If you are looking failure reasons you can check the Monitoring and Reports > Monitoring Configuratoin > Failed Reasons Editor, and that will give you a definition of all the failure messages.

Here is a pdf of the tacacs a/v pairs -

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CCUQFjAB&url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fnet_mgmt%2Fcisco_secure_access_control_server_for_solution_engine%2F3.3%2Fuser%2Fguide%2Fac.pdf&ei=IHg9UKC6KYKorAGH...

Tarik Admani
*Please rate helpful posts*

Hi Tarik

Thanks for the information given above.

Can you please give me logs of ACS 5.4 and logs for above all fields.?

Also please tell me that what are the A-V pairs available in ACS 5.4 ?

Please mail me all log files on my mail id : shaileshpawar1711@gmail.com.

Thanks in advance.