
Setting up Monitoring on ACS5.1

sidcracker
Level 1

Hello,

What do I need to do to set up monitoring on ACS 5.1? The user guide shows that the following commands need to be allowed on the NAD:

1. logging monitor informational
2. logging origin-id ip
3. logging host ip transport udp port 20514—where ip is the IP address of the Log Collector in your network.
4. epm logging

Cisco IOS does not support some of these commands and the ACS CLI does not support it. How do I get this working? As of now, in the dashboard I don't get any details at all.

Thanks


Jatin Katyal
Cisco Employee

Looks like you would like ACS to act as a syslog server for network access devices. This is not a worthwhile feature to use.


Out of these 4 commands, epm logging won't work.


–logging monitor informational

–logging origin-id ip

–logging host ip transport udp port 20514—where ip is the IP address of the Log Collector in your network.

–epm logging


ACS View is meant to process the syslog messages primarily related to AAA and not for processing any syslog messages. ACS is giving a parse failure when receiving syslogs from the device. Only a very specific subset of syslog is supported. Other syslog messages will give errors on ACS.


This feature is not fully operational.

CSCth66621    ACS 5 giving "parse failure" when receiving syslogs



HTH


Regards,

Jatin


Do rate helpful posts~

~Jatin

Hello Jatin,

Thanks for the reply,

How do I get the monitoring and reporting page to show data if I don't get the NAD to send logs on port 20514? I can't even configure the UDP port 20514 on the device since there is no option. There is also no fw between the switches and the ACS.

Any idea to make the monitoring tab to show data?

Thanks

Why do you want to configure ACS as a syslog server? What kind of logs do you want to see on the ACS being sent by the NAD?

Even if you don't configure NAD with all those commands, you would be able to see

radius: passed, failed, accounting

tacacs: passed, failed, accounting


And, I think this is what you're looking for, correct? If yes, then for this we don't need to configure those commands.


FYI, I tried all those commands on my router and it did take all except epm logging.



HTH


Rgds, Jatin


Do rate helpful posts~

~Jatin

Well, these switches don't accept these commands. The client requires this feature to be able to see authentications passed or failed from the interface. The switch IOS version is 12.1(22). Maybe they don't support these commands.

Thanks

That is what I said, normal passed/failed/accounting will always happen as you must have AAA commands.


These commands have been introduced to make ACS a syslog server so that we can only see syslog messages; that's not the case with you.


You will be able to see all those commands using AAA authentication/authorization/accounting commands.


HTH


Regds, Jatin


Do rate helpful posts~

~Jatin

Sid,


Did my last reply answer your question? Do you still have any doubt?



Rgds, Jatin



Do rate helpful posts~

~Jatin

Hello Jatin,

Yes, that's what I have been trying to do on this router but it won't authenticate. This router has the IOS version that will allow these commands. Once it authenticates then I will know.

Thanks

Hello Jatin

This issue has been resolved. There is a known bug in ACS 5.1.0.44 that if you configure clock set on the CLI then the view-logprocessor will not start. You can view this by the command show application status acs. So I had to remove the clock set command and restart ACS. Then it works fine.

Thanks for all your help regarding this issue.
