cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1511
Views
0
Helpful
0
Replies

CDA - application logs

Tuulikki
Level 1
Level 1

Hello,

 

I've got the task to export logon event logs from a CDA server. The log must contain information about the users and their attempts to connect to the domain network via Cisco AnyConnect. No syslog server is in place.

Current scheme of NAC: Cisco AnyConnect -> ASA (-> RADIUS access request) -> CDA <-> Domain Contoller

 

From the documentation: CDA leverages Active Directory login audit events generated by the Active Directory domain controller to gather user logins information. Actually I thought that I will be able to extract these events from the DC, but even though a corresponding GPO that activates audit logon is enabled, I'm not able to validate whether such logon events were generated by authentication via AnyConnect.

 

So I think the better way is to extract events from CDA itself. "Mapping of IP Addresses to Identities" and "Live Log" is fine, but 

there's no way to get these logs through web-interface. I tried "copy logs" command and eventually it exported only system logs :( There's also copy ALL command in the documentation:

"Copies all CDA log files from the system to another location. All logs are packaged as cdalogs.tar.gz and transferred to the specified directory on the remote host".

But it doesn't work for me, because possible parameters are only for the config files:

# copy all
running-config startup-config

 

Cisco Context Directory Agent
---------------------------------------------
Version : 1.0.0.011
Build Date : Tue May 8 19:34:26 2012
Install Date : Mon Jan 22 15:43:54 2018

 

 

Any help will be appreciated.

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: