ACS and ASA logging...

lzakariya
Level 1

Is it possible to use Cisco ACS server for reporting all the logs of Cisco ASA firewall?

6 Replies

Jatin Katyal
Cisco Employee

ACS can log all the authentication, authorization and accounting. Could you please explain what kind of attempts you want ACS to log from the ASA?

Are you talking about administrative access like SSH/TELNET, or do you want to log authentication and accounting hits of VPN users?

Do let me know the version of ACS you are using.

Jatin Katyal


- Do rate helpful posts -

~Jatin

I want to report all the ASA security logs using ACS v4.2, i.e., whatever traffic is flowing through the ASA.

Whatever ACS authenticates/authorises/accounts for users terminating on the ASA via an administrative or network session can be logged. You need to look inside Reports and Activity and then click on the specific reports. You can see the passed and failed authentications by clicking on the passed and failed CSV reports. Command authorization can be viewed under TACACS administration. Accounting for network sessions can be checked in the RADIUS accounting report.

https://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/LgsRpts.html

Let me know if you have any questions.

Jatin Katyal


~Jatin

Labeeb, did that answer your question?

Just wanted to let you know: please make sure you have the ASA added as a AAA client on the ACS. If you don't see any specific logging happening on ACS, then it also means that it's disabled, and you need to enable it inside System Configuration > Logging and select the parameters/fields you want to see in the logs. It can be controlled by the Admin.

You can also run the debugs on the ASA to troubleshoot AAA-related issues.

debug aaa authentication

debug aaa authorization

debug aaa accounting

debug radius

debug tacacs

In order to disable it, use the no form of it.

Jatin Katyal


~Jatin

k.. let me try this....

sure

~Jatin