CSMARS accounting capability without ACS in the network

shivani-singh · ‎11-24-2010

Hi,

Is it possible for CSMARS v6.0 to fectch data & generate report from the ASA v8.2 of local user authentication. There no ACS nor syslog in the network.

Thanks in advance.

Regards,

Shivani Singh

mwinnett · ‎11-29-2010

Shivani

The ASA does not fetch info from the ASA, but rather receives syslogs. You can configure the ASA to send syslogs relating to local authentication to the MARS and then configure the MARS to run reports for this information. eg:

logging trap warnings

logging message 113012 level warnings
logging message 113015 level warnings

Nov 29 2010 10:23:16: %ASA-4-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = mwinnett
Nov 29 2010 10:23:19: %ASA-4-113012: AAA user authentication Successful : local database : user = mwinnett

Matthew

shivani-singh · ‎11-30-2010

Hi Matthew,

Thanx for repling but if we configure aaa local what can be:-

1) the consequences on the existing users

2) since VPN users are also authenticated locally can i get logs for the same on CSMARS.

If yes what kind of reporting should be fine tuned inorder to achieve the same.

Regards,

Shivani.

mwinnett · ‎11-30-2010

Shivani

The changes proposed are only to change the loggings level, so wont affect anything else. Can you post the output of

show runn logg

show runn aaa

Can you set collect the logging level 7 output for a vpn connection (with good and bad authentication) and we can take a look and see what are the most appropriate messages to send to the MARS.

Matthew