How to configure logs from Cisco ACS Server for Windows to be collected by TIBCO LogLogic LMI

How to configure logs from Cisco ACS Server for Windows to be collected by TIBCO LogLogic LMI

book

Article ID: KB0077112

calendar_today

Updated On: 07-26-2016

Products Versions
TIBCO LogLogic Log Management Intelligence all versions

Description

Collecting Cisco ACS logs requires file pulls to be configured on LogLogic LMI as well as logging to be enabled to CSV files in the Cisco ACS application. This article addresses the Cisco ACS side of the configuration.

Issue/Introduction

This article explains how to get Cisco ACS Server for Windows logs collected by LogLogic LMi.

Resolution

To access the Logging Configuration options for Cisco Secure ACS for Windows:
1. Log in to the Cisco Secure ACS UI.
2. Select System Configuration.
      (The System Configuration page appears)
3. Click Logging.
      (The Logging Configuration page appears)
4. From the Logging Configuration page, click CSV Failed Attempts.
5. Scroll down to the bottom of the CSV Failed Attempts page and select the Generate New File Every Day radio button.
6. Select the Manage Directory checkbox to enable the feature.
7. Select the Delete files older than X Days radio button.
8. Enter 2 in the Delete files older than X Days field.

Note:
The CSV Failed Attempts log is rotated every day around midnight. The log files are stored in C:\Program Files\CiscoSecure ACS Vx.x\Logs\Failed Attempts, where Vx.x is the version of ACS you are running.
 
 
In addition if you would like to capture accounting logs use the next procedure.
1. From the Logging Configuration page, click CSV RADIUS Accounting.
2. Scroll down to the bottom of the CSV RADIUS Accounting page and select the Generate New File Every Day radio button.
3. Select the Manage Directory checkbox to enable the feature.
4. Select the Delete files older than X Days radio button.
5. Enter 2 in the Delete files older than X Days field.
 
Note:
The CSV RADIUS Accounting log is rotated every day around midnight. The log files are stored in C:\Program Files\CiscoSecure ACS Vx.x\Logs\RADIUS Accounting, where Vx.x is the version of ACS you are running
 
Note:
You will need setup file pulls in LogLogic LMI for the logs you want the appliance to collect.
 
Note:
The supported log attributes for the CSV Failed Attempts log are:
Message-Type
User-Name
Group-Name
Caller-ID
Authen-Failure-Code
Author-Failure-Code
Author-Data
NAS-Port
NAS-IP-Address
 
Note that the columns must be in this order and cannot be changed.