Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Wireless ---> Cisco ACS (To many logs)

Hi,

We required to setup several IOS wireless points with MAC-address authentication using the cisco acs. I have it working but the problem is that even rouge devices try connecting and this causes loads of failed attempts in the failed report, there are about 8 attempts per second so imagine my database size. The question is??? Can I configure the ACS not to log failed attempts on the ACS?

3 REPLIES
Silver

Re: Wireless ---> Cisco ACS (To many logs)

On the AAA server yo can go into the System configuration, CSV Failed Attempts File Configuration, and in the log file management section choose a small file size and in the Directory section check the "manage directory button". This will automagically eliminate any disk concerns.

Silver

Re: Wireless ---> Cisco ACS (To many logs)

Tough one... if you switch off or limit the failed attempts you wont see genunine failures.

An alternative is to use our CSVSYNC tool to regularly download the logs to another PC (doesnt have to be a server). Once there our AAA-REPORTS! application can pre-filter the junk out of the failed (and other) logs as it imports. At the same time directory management on the ACS can be set to purge logs a short time after they've been downloaded.

You're then left with just the real failed attempts in our SQL DB backed report generator - from where you can either run canned reports or use our visual query builder to sort/filter/group/total/export the data.

New Member

Re: Wireless ---> Cisco ACS (To many logs)

Hi,

The ideal solution would be if I could disable or rate limit the failed authentications for a specified device in the ACS.

115
Views
0
Helpful
3
Replies