I am trying to set my ACS up to generate new CSV's for each day. I went to Cisco's website and it says that this is configured under "System Configuration", "Logging", and then clicking on the CSV option and choosing "Every day" "Every Week" and so on. I am running ACS 4.2 and do not see the options for choosing every day etc. Anyone have an idea on why I am not seeing this?
Under that menu in logging, there is a list of reports.
For each, there is a column that says CSV and there is a click link for configure.
Click on each one of the CSV reports you are interested and in that menu you can choose every day, week and so on.
Hope this resolves your question.
appliance or software?
On the appliance, csv rollover is hard-coded to 10MB. Cannot be changed.
FWIW extraxi csvsync and aaa-reports! can handle ever-growing active non-rolled csv files to give you near realtime reporting with duplicate row handling. You get canned and custom reports, a query builder and multiple ACS log consolidation. 60 day trial available at http://www.extraxi.com
Having appliance and default every day option selected new files are not getting generated on daily basis. 1113 solution engine and version is 4.2 build 124. As per your comment it is hardcoded and cannot change to daily.
This can be achieved by configuring remote logging. You can send the ACS SE logs data to the remote agent server.
Configuring Logging to Remote Agents (ACS SE only):http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/LgsRpts.html#wp638135
Remote Agents Reports Configuration Page (ACS SE only):
If you have a syslog server you can push logs to one.
Configuring Syslog Logging:
The issue (IMHO) with all forms of remote logging is that
1) they hog network bandwidth
2) in the case of syslog are non-acknowledged - server has no idea data has been received.
3) blocking - threads in ACS block while sending to a remote agent
4) when they fail - where's your data?
CSV logging is low tech and ultimately ultra reliable.
With the appliance the issue is log retention - I recently spoke to a customer who's appliance only had HDD space enough for 2 to 3 days of logs.
The solution for him was to install our csvsync client to ensure that logs were harvested from his ACS servers every day - in bulk and at a time of his choosing.
As it happens they also use our aaa-reports! app to import the logs and run reports.
Even if you are using remote logging and/or syslog if you have strict data retention requirements - csv is your best bet.
extraxi csvsync uses http to pull logs down as and when you want - eg once a day.
Doesnt require remote logging or agents etc. Just a simple command line app.
Used in combination with extraxi aaa-reports! you can safely harvest logs daily from multiple ACSs with different versions and platforms (sw or appliance)
aaa-reports! has advanced de-dup logic so you can import the same growing active csv file without duplicates. When the active file eventually rolls over - thats handled too!
60 day working trial from www.extraxi.com