For record corresponding to AAA, Cisco Secure keep detail in cs_accounting_log. How about an intrusion, for example, a fail attempt to access the "telnet" prompt of a router with invalid username, password pair ?? Is the source ip address and MAC address contributing that failed attempt, recorded ? How can I find out these type of intrusion inside Cisco Secure ???