Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1136
Views
0
Helpful
0
Replies

ACS 5.1 logging

gaboughanem
Level 1
Level 1

‎06-23-2010 11:08 AM - edited ‎03-10-2019 05:12 PM

Hi,

i have installed ACS 5.1.0.44 demo (demo license) on ESX VM 4.0, everything works fine.But i have a problem is the logging.

1- i have configured the ACS to use remote log server, it sends the logs to the server in a very detail way.

the question is how i can define certain attribute in the log send?  For example, how to send only in the log the following attribute: remote-address, meaasge, severity , time , date, and facility.

the below is ONE log send from ACS to GFI log server


Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 0 2010-06-23 18:01:55.897 +00:00 0000008864 3302 NOTICE Tacacs-Accounting: TACACS+ Accounting STOP, ACSVersion=acs-5.1.0.44-B.2347,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 1  ConfigVersionId=167, Device IP Address=10.39.2.26, RequestLatency=0, NetworkDeviceName=switch26, Type=Accounting,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 2  Privilege-Level=1, Service=Login, User=user1, Port=tty5, Remote-Address=10.39.24.7, Authen-Method=TacacsPlus, AVPair=task_id=76,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 3  AVPair=timezone=UTC, AVPair=start_time=1277296026, AVPair=disc-cause=9, AVPair=disc-cause-ext=2, AVPair=pre-session-time=0,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 4  AVPair=elapsed_time=9158, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=acs-demo/66496449/326,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 5  SelectedAccessService=Default Device Admin, Step=13006 , Step=15008 , Step=15004 , Step=15012 , Step=13035 ,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 6  NetworkDeviceGroups=Device Type:All Device Types, NetworkDeviceGroups=Location:All Locations,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 7  Response={Type=Accounting; AcctReply-Status=Success; }

2- can i configure ACS, to send the logs that are not sent when the log server is down, after the log server has been restored and up

i.e. re-synchronizing???

Please , i will appreciate if anyone can help

Regards,

George

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents