Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
0
Helpful
3
Replies

ACS 5.4 logs

spyrosandreou
Level 1
Level 1

‎12-23-2013 12:06 AM - edited ‎03-10-2019 09:12 PM

Hi there people!

Im currently deploying ACS 5.4 for our network and i have some questions regarding logging events on ACS. I have read all the documents that come with ACS regarding logging but im still a bit confused.

As of now ACS should have been running for about a month. I however can only see a maximum of 1-2 days of logs within the monitoring interface. I can however retrieve the last 7 days from the CLI.

Is there a way to configure ACS to show more entries within the web interface? Or even create custom reports with TACACS events (authentication, authorization and accounting) from within the monitoring viewer?

Another thing, we have 2 ACS systems installed one being the primary and the other the secondary instance. However, when primary instance, which is also the main log collector, goes down, we get no logs from the secondary acs....Is there a way around this?

Thanks for a ny pointers in advance!

Labels:
0 Helpful
3 Replies 3

edwjames
Level 3
Level 3

‎12-23-2013 02:35 PM

Hi,

Data retention limit:

Customize reports:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/viewer_reporting.html#wp1133308

Workaround to that issue is keep the secondary ACS as the log collector.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful

spyrosandreou
Level 1
Level 1
In response to edwjames

‎12-23-2013 11:34 PM

Hi and thanks for replying!

Ok for some reason im not given an option for a data repository in the options ?!

As for the workaround to log both ACS, the truth is that i havent thought about it and its a pretty simple solution but i already tried assigning both of them as log collectors and that failed as well. Maybe i configured something wrong, i will try again and update you.

Thanks again for the pointers!

0 Helpful

edwjames
Level 3
Level 3
In response to spyrosandreou

‎12-24-2013 05:33 AM

Hi Spyros,

For the repository:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_operations.html#wp1053302

Just to be clear on what I mentioned, you can only have one log collector in a distributed steup.

Keeping secondary as a log collector as the probability of it crashing than the primary is less.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful
Customers Also Viewed These Support Documents