Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Acs Radius Accounting Report Blank need VPN Logs

Dear Expert,

Kindly Guide what can be the cause of Radius accounting Report Blank.i can recieve logs in TACACS+,but auditor need two month before VPN logs what configuration need in ASA 5500 or ASDM and in ACS to complete this task..

Everyone's tags (2)
3 REPLIES

Hi Akbar,

Hi Akbar,

You can try by adding an ACL to filter the accounting resulsts for radius and map it to the respective aaa accounting statement to get logs.... you should get logs for all the hits....

 

!--- Using the aaa-server command, identify your AAA servers. If you have already
!--- identified your AAA servers, continue to the next step.

hostname(config)# aaa-server AuthOutbound protocol RADIUS
hostname(config-aaa-server-group)# exit


!--- Identify the server, including the AAA server group it belongs to and
!--- enter the IP address, Shared key of the AAA Server.

hostname(config)# aaa-server AuthOutbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)# key TACPlusUauthKey
hostname(config-aaa-server-host)# exit


!--- Using the access-list command, create an access list that identifies the source  
!--- addresses anddestination addresses of traffic you want to authenticate.

hostname(config)# access-list TELNET_AUTH extended permit tcp any any eq telnet


!--- Using the access-list command, create an access list that identifies the source  
!--- addresses anddestination addresses of traffic you want to Authorize and Accounting.

hostname(config)# access-list SERVER_AUTH extended permit tcp any any


!--- configure authentication, enter this command:

hostname(config)# aaa authentication match TELNET_AUTH inside AuthOutbound


!--- configure authorization, enter this command:

hostname(config)# aaa authorization match SERVER_AUTH inside AuthOutbound

!--- This command causes the PIX Firewall to send 
!--- RADIUS accounting packets for RADIUS-authenticated outbound sessions to the AAA  
!--- server group named "AuthOutbound":

hostname(config)# aaa accounting match SERVER_AUTH inside AuthOutbound

RADIUS Accounting Using ACS Configuration

The CSV logger records data for logging attributes in columns separated by commas (,). You can import this format into a variety of third-party applications, such as Microsoft Excel or Microsoft Access. After you import data from a CSV file into such applications, you can prepare charts or perform queries, such as determining how many hours a user was logged into the network during a given period. For information about how to use a CSV file in a third-party application such as Microsoft Excel, see the documentation from the third-party vendor.

You can access the CSV files on the ACS server hard drive or you can download the CSV file from the web interface.

By default, ACS keeps log files in directories that are unique to the log. You can configure the log file location of CSV logs. The default directories for all logs reside in sysdrive:\Program Files\CiscoSecure ACS vx.x.

In order to configure CiscoSecure ACS to perform RADIUS accounting using CSV, perform these steps:

  1. In the navigation bar, click System Configuration.

  2. Click Logging. The Logging Configuration page appears.

  3. Select CSV RADIUS Accounting.

  4. Confirm that the Log to CSV RADIUS Accounting report check box is selected. If it is not selected, select it now.

  5. In the Select Attributes To Log table, make sure that the RADIUS attributes you want to see in the RADIUS accounting log appear in the Logged Attributes list. In addition to the standard RADIUS attributes, there are several special logging attributes provided by CiscoSecure ACS, such as Real Name, ExtDB Info, and Logged Remotely.

  6. (Optional) If you are using CiscoSecure ACS for Windows Server, you can specify log file management, which determines how large RADIUS account files can be, how many are retained, for how long, and where they are stored.

  7. If you have made changes to RADIUS accounting configuration, click Submit. CiscoSecure ACS saves and implements the changes you made to its RADIUS accounting configuration.

Regards

Karthik

New Member

Dear Karthik,

Dear Karthik,

Thank you for reply and giving me a great information..i can access through VPN with cisco VPN client using ACS VPN user and Password..

i want to know that is ACS using telnet or ssh for getting logs thats why you sent me below access-list or this is something else

hostname(config)# access-list TELNET_AUTH extended permit tcp any any eq telnet

Regards,

Akbar

Hi Akbar,TELENET_AUTH is used

Hi Akbar,

TELENET_AUTH is used for getting authentication logs.....

What i have given is just a sample.... you can create an access-list as shown in the example SERVER_AUTH, which is refering to authorization and accounting..... so if you do that you will get the source and destination ip address details with authorization and accounting logs.....

 

Relevant cisco acs configuration is also explained in same excerpt....

 

Regards

Karthik

307
Views
0
Helpful
3
Replies