I would like to know about any existing procedure to know when a user attempted to login using TACACS+ in the ACS server reports.
In brief, I want to know if there is any feature or option in CiscoSecure ACS to know when a user attempted to login? The administration reports, passed authentication reports are all available but on a daily basis which is very cumbersome to select them and then find for this particular user.
The Cisco Secure Access Control Server Release 4.1, hereafter referred to as ACS, produces a variety of logs. You can download many of these logs, or view them in the ACS web interface as HTML reports.
configure aaa accounting for exec sessions to tacacs on the devices which are getting authenticated to tacacs, that will populate logs in tacacs accounting and will let you know the user got authenticated to tacacs.
ACS reporting is horrid. Your best bet is a 3rd party app called aaa-reports! from extraxi. You 2nd best bet is to write your own app to pull .CSV logs into a database like MS Access and then parse from there. I was headed down the 2nd path before I tried out aaa-reports, and while the reports aren't that fancy, the importing is flawless and the query engine is fantastic. You can run "group by" queries and aggregate on things you never could via the native interface or Excel. I have two ACS appliances so trying to pull logs from both boxes is nearly impossible. (well, possible, but time consuming!). A fully-functionaly, time limited (90 days?) version is available on their site.
The best part is the guys that wrote it used to work in the ACS group at Cisco, and they know their stuff.
Disclaimer: I have no relationship to extraxi; I'm not even a customer yet. But I have been beta-testing a enterprise version of the product and can't really see how I can live without it going forward. Also, AFAIK there are no competing products in this space, either for $$ or free/open-source. If you find anything please let us know.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :