How to configure logs from Cisco ACS Server for Windows to be collected by TIBCO LogLogic LMI
Article ID: KB0077112
Updated On: 07-26-2016
Products: TIBCO LogLogic Log Management Intelligence
Versions: all versions
Description
Collecting Cisco ACS logs requires two things: file pulls configured on LogLogic LMI, and logging to CSV files enabled in the Cisco ACS application. This article addresses the Cisco ACS side of the configuration.
Issue/Introduction
This article explains how to get Cisco ACS Server for Windows logs collected by LogLogic LMI.
Resolution
To access the Logging Configuration options for Cisco Secure ACS for Windows:
1. Log in to the Cisco Secure ACS UI.
2. Select System Configuration. (The System Configuration page appears.)
3. Click Logging. (The Logging Configuration page appears.)
4. From the Logging Configuration page, click CSV Failed Attempts.
5. Scroll down to the bottom of the CSV Failed Attempts page and select the Generate New File Every Day radio button.
6. Select the Manage Directory checkbox to enable the feature.
7. Select the Delete files older than X Days radio button.
8. Enter 2 in the Delete files older than X Days field.
Note: The CSV Failed Attempts log is rotated every day around midnight. The log files are stored in C:\Program Files\CiscoSecure ACS Vx.x\Logs\Failed Attempts, where Vx.x is the version of ACS you are running.

In addition, if you would like to capture accounting logs, use the following procedure:
1. From the Logging Configuration page, click CSV RADIUS Accounting.
2. Scroll down to the bottom of the CSV RADIUS Accounting page and select the Generate New File Every Day radio button.
3. Select the Manage Directory checkbox to enable the feature.
4. Select the Delete files older than X Days radio button.
5. Enter 2 in the Delete files older than X Days field.

Note: The CSV RADIUS Accounting log is rotated every day around midnight. The log files are stored in C:\Program Files\CiscoSecure ACS Vx.x\Logs\RADIUS Accounting, where Vx.x is the version of ACS you are running.

Note: You will need to set up file pulls in LogLogic LMI for the logs you want the appliance to collect.
Note: The supported log attributes for the CSV Failed Attempts log are: Message-Type, User-Name, Group-Name, Caller-ID, Authen-Failure-Code, Author-Failure-Code, Author-Data, NAS-Port, NAS-IP-Address.
Note that the columns must be in this order and cannot be changed.
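
The column-order requirement above can be verified on a sample log file before the file pull is configured. The following script is an added example, not part of the original article and not TIBCO or Cisco code. It assumes the CSV file begins with a header row naming the columns and that leading columns outside the listed attributes are acceptable (the constructed sample uses Date and Time).

```python
import csv
import io

# Attribute order this article lists for the CSV Failed Attempts log.
REQUIRED = ["Message-Type", "User-Name", "Group-Name", "Caller-ID",
            "Authen-Failure-Code", "Author-Failure-Code", "Author-Data",
            "NAS-Port", "NAS-IP-Address"]

def check_failed_attempts_csv(text):
    """Return a list of problems; an empty list means the layout matches."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return ["file is empty"]
    header = [c.strip() for c in rows[0]]  # assumption: row 1 is the header
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        return ["missing columns: " + ", ".join(missing)]
    problems = []
    found = [c for c in header if c in REQUIRED]
    if found != REQUIRED:
        # Catches reordered and duplicated attribute columns.
        problems.append("column order is: " + ", ".join(found))
    else:
        first = header.index(REQUIRED[0])
        last = header.index(REQUIRED[-1])
        extra = [c for c in header[first:last + 1] if c not in REQUIRED]
        if extra:
            problems.append("unexpected column(s) between listed attributes: "
                            + ", ".join(extra))
    # A row with the wrong field count usually means a partially written
    # record or an unquoted comma inside a value.
    for n, row in enumerate(rows[1:], start=2):
        if row and len(row) != len(header):
            problems.append(f"row {n}: {len(row)} fields, header has {len(header)}")
    return problems

# Constructed sample (not real log data); Date and Time columns are assumed.
SAMPLE_OK = (
    "Date,Time," + ",".join(REQUIRED) + "\n"
    "07/26/2016,00:01:12,Authen failed,jdoe,Default Group,192.0.2.10,"
    "CS password invalid,,,1,192.0.2.1\n"
)

if __name__ == "__main__":
    for problem in check_failed_attempts_csv(SAMPLE_OK) or ["layout OK"]:
        print(problem)
```

To check a real file, pass its contents to `check_failed_attempts_csv` from a copy taken out of the Failed Attempts log directory.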