05-12-2011 11:04 AM - edited 03-10-2019 06:04 PM
I am an IT auditor at a firm and have read-only access to ACS %.1 server. Can someone guide me as to how I can get the names and dates for all the users that have been added to the ACS server by the admins? I have been poring over the Reports and Monitoring section but can't figure out how to get this info. Any help will be highly appreciated.
05-12-2011 10:19 PM
Hi,
Assuming these are users configured locally on the ACS:
If you display an individual user configuration it does show the creation date on the GUI. However this information is not included in the user export.
From ACS View go to:
Monitoring & Reports > ... > Reports > Catalog > ACS Instance
Select "ACS Configuration Audit" and then run the query with the preselected dates or the custom dates. Once the data is displayed on the GUI click the small export data icon at the top left. This will open a dialog box. Press the two chevrons ">>" to include all the columns and press OK.
Open the CSV file in Excel, respace columns so they all fit. Once in Excel look or filter in the Events column and look for "Added configuration" and in the Object Type column look for "Internal User". This should show all the instances when users were added to the internal database.
I have had a problem with this though: even though I set my log files to purge after 180 days, the Admin configuration files only go back 1 month. I haven't worked out why this is happening as the authentication logs go back further than 180 days.
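The Excel filtering step described above can also be scripted, which makes the audit repeatable and shows how far back the exported records really go. This is an added example, not part of the original reply or of any Cisco tooling; only the "Events" and "Object Type" columns and their values come from the reply, while the other headers, the timestamp format and the sample rows are assumptions.

```python
import csv
import io
from datetime import datetime

# "Events" and "Object Type" are the columns named in the reply above. The
# "Date" and "Object Name" headers and the timestamp format are assumptions;
# adjust them to match the header row of your own export.
DATE_COL, NAME_COL, DATE_FMT = "Date", "Object Name", "%Y-%m-%d %H:%M:%S"

# Constructed sample export (not real ACS output; event names other than
# "Added configuration" are made up for the sample).
SAMPLE_EXPORT = (
    "\ufeffDate,Administrator, Object Type ,Object Name,Events\n"
    "2011-04-14 09:12:03,acsadmin,Internal User,jsmith,Added configuration\n"
    "2011-04-14 09:15:40,acsadmin,Internal User,jsmith,Changed configuration\n"
    "2011-04-20 16:02:11,netops,Network Device,core-sw1,Added configuration\n"
    "2011-05-02 11:30:00,netops,Internal User,mbrown,added configuration \n"
    "2011-05-10 08:45:19,acsadmin,Internal User,tlee,Deleted configuration\n"
)

def load_audit(csv_text):
    """Parse the export into dicts with whitespace-trimmed headers and cells."""
    rows = [r for r in csv.reader(io.StringIO(csv_text.lstrip("\ufeff"))) if r]
    if not rows:
        raise ValueError("export is empty")
    header = [h.strip() for h in rows[0]]
    missing = {"Events", "Object Type"} - set(header)
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    return [dict(zip(header, (c.strip() for c in r))) for r in rows[1:]]

def added_internal_users(records):
    """Rows where an internal user was added, matched case-insensitively."""
    return [r for r in records
            if r.get("Events", "").casefold() == "added configuration"
            and r.get("Object Type", "").casefold() == "internal user"]

def coverage(records):
    """Earliest and latest timestamp in the export: the window the audit
    actually covers, which may be shorter than the date range requested."""
    stamps = [datetime.strptime(r[DATE_COL], DATE_FMT)
              for r in records if r.get(DATE_COL)]
    return (min(stamps), max(stamps)) if stamps else (None, None)

if __name__ == "__main__":
    records = load_audit(SAMPLE_EXPORT)
    first, last = coverage(records)
    print(f"Audit records cover {first} to {last}")
    for r in added_internal_users(records):
        print(r.get(DATE_COL), r.get(NAME_COL))
```

An empty result only means no additions were logged inside the coverage window it prints, so compare that window against the period being audited.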
05-16-2011 08:49 AM
Thanks a lot sir. It worked.