Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
3
Replies

Last login attempt of a user in TACACS+

palukuri77
Level 1
Level 1

‎04-10-2008 01:37 AM - edited ‎02-21-2020 03:40 PM

Hello,

I would like to know about any existing procedure to know when a user attempted to login using TACACS+ in the ACS server reports.

In brief, I want to know if there is any feature or option in CiscoSecure ACS to know when a user attempted to login? The administration reports, passed authentication reports are all available but on a daily basis which is very cumbersome to select them and then find for this particular user.

Thanks in advance,

Subhash.

Labels:
0 Helpful
3 Replies 3

vkapoor5
Level 5
Level 5

‎04-16-2008 06:23 AM

The Cisco Secure Access Control Server Release 4.1, hereafter referred to as ACS, produces a variety of logs. You can download many of these logs, or view them in the ACS web interface as HTML reports.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/LgsRpts.html

0 Helpful

rochopra
Cisco Employee
Cisco Employee

‎04-16-2008 07:41 AM

configure aaa accounting for exec sessions to tacacs on the devices which are getting authenticated to tacacs, that will populate logs in tacacs accounting and will let you know the user got authenticated to tacacs.

: Rohit

0 Helpful

clausonna
Level 3
Level 3

‎04-16-2008 05:44 PM

ACS reporting is horrid. Your best bet is a 3rd party app called aaa-reports! from extraxi. You 2nd best bet is to write your own app to pull .CSV logs into a database like MS Access and then parse from there. I was headed down the 2nd path before I tried out aaa-reports, and while the reports aren't that fancy, the importing is flawless and the query engine is fantastic. You can run "group by" queries and aggregate on things you never could via the native interface or Excel. I have two ACS appliances so trying to pull logs from both boxes is nearly impossible. (well, possible, but time consuming!). A fully-functionaly, time limited (90 days?) version is available on their site.

The best part is the guys that wrote it used to work in the ACS group at Cisco, and they know their stuff.

Disclaimer: I have no relationship to extraxi; I'm not even a customer yet. But I have been beta-testing a enterprise version of the product and can't really see how I can live without it going forward. Also, AFAIK there are no competing products in this space, either for $$ or free/open-source. If you find anything please let us know.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents