https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052255#M406251 <HTML><HEAD></HEAD><BODY><P>ACS is a Radius and Tacacs server. So the question would be, Can/does your web server support Radius/tacacs protocol ? If yes, then you can add the web server as a client on the ACS server, and configure your web server for Radius/tacacs accounting and send the accounting logs to ACS server.</P><P></P><P>I doubt this to be the case.</P><P></P><P>AFAIK, the web servers also have some logging feature/functionality. Check with the web server documentation, there must be some option to log the user logins/activity on the web server.</P><P></P><P>HTH</P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if it helps!</P></BODY></HTML> Tue, 26 Aug 2008 13:49:28 GMT Premdeep Banga 2008-08-26T13:49:28Z https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052254#M406249 <P>Hi all</P><P></P><P>our customer has a vpn tunnel site-to-site with another company . The vpn is established between two routers and its working fine . The users in the customer site can login to a web server in the remote peer site using username &amp; password through this tunnel . Our customer need to log the time that the users login to this web server.</P><P></P><P>Is the ACS do that or not ?? and how ??</P><P>if the ACS cannot do that , is there any other method can be used to log the users login??</P><P></P><P>waiting your replies.</P><P>regards</P> Sun, 10 Mar 2019 23:03:40 GMT https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052254#M406249 mohamed_makled 2019-03-10T23:03:40Z https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052255#M406251 <HTML><HEAD></HEAD><BODY><P>ACS is a Radius and Tacacs server. So the question would be, Can/does your web server support Radius/tacacs protocol ? If yes, then you can add the web server as a client on the ACS server, and configure your web server for Radius/tacacs accounting and send the accounting logs to ACS server.</P><P></P><P>I doubt this to be the case.</P><P></P><P>AFAIK, the web servers also have some logging feature/functionality. Check with the web server documentation, there must be some option to log the user logins/activity on the web server.</P><P></P><P>HTH</P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if it helps!</P></BODY></HTML> Tue, 26 Aug 2008 13:49:28 GMT https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052255#M406251 Premdeep Banga 2008-08-26T13:49:28Z https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052256#M406253 <HTML><HEAD></HEAD><BODY><P>Dear Prem</P><P></P><P>Thanks for your reply.</P><P>i want to tell you something that the web server isnot under our control .it is controlled by the peer company.So we need to log the users login to this server (using any method) without changing anything in the web server settings.</P><P>i mean we need to do that from our side.</P><P></P><P>Also if the ACS cannot do that , is there any other S/W do that?</P><P></P><P>regards</P></BODY></HTML> Tue, 26 Aug 2008 14:34:44 GMT https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052256#M406253 mohamed_makled 2008-08-26T14:34:44Z https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052257#M406255 <HTML><HEAD></HEAD><BODY><P>I have not tried this, but just an idea, you can try this out.</P><P></P><P>create an acl, something like,</P><P></P><P>access-list auth permit <NETWORK> host <WEB-SERVER>.....</WEB-SERVER></NETWORK></P><P></P><P>aaa authentication match auth <SERVER-TAG></SERVER-TAG></P><P>aaa accounting match auth <SERVER-TAG></SERVER-TAG></P><P></P><P>But this will add an Added authentication, before users go to destination web server,</P><P></P><P>Please test this before applying it.</P><P></P><P>You can also have,</P><P></P><P>access-list auth permit <NETWORK> host <WEB-SERVER>.....</WEB-SERVER></NETWORK></P><P></P><P>aaa accounting match auth <SERVER-TAG></SERVER-TAG></P><P></P><P>That is accounting alone, but not sure what information you may get in this. But you can give this a try and see.</P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if it helps!</P></BODY></HTML> Tue, 26 Aug 2008 14:54:21 GMT https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052257#M406255 Premdeep Banga 2008-08-26T14:54:21Z https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052258#M406257 <HTML><HEAD></HEAD><BODY><P>Found this, might be helpful,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/fwaaa.html#wp1043741" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/fwaaa.html#wp1043741</A></P><P></P><P>The security appliance can send accounting information to a RADIUS or TACACS+ server about any TCP or UDP traffic that passes through the security appliance. If that traffic is also authenticated, then the AAA server can maintain accounting information by username. If the traffic is not authenticated, the AAA server can maintain accounting information by IP address. Accounting information includes when sessions start and stop, username, the number of bytes that pass through the security appliance for the session, the service used, and the duration of each session. </P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if helps!</P></BODY></HTML> Tue, 26 Aug 2008 15:08:23 GMT https://community.cisco.com/t5/network-access-control/acs-question/m-p/1052258#M406257 Premdeep Banga 2008-08-26T15:08:23Z