• Data Collection Using package.cab, page 34
Data Collection Using Syslog
Syslog is the primary mechanism that ACS View uses to collect dynamic data from ACS servers. The ACS servers that are configured in ACS View sends syslogs to ACS View for every new log record in ACS servers. You need to configure syslog in ACS for this.
You need to configure ACS View in ACS to receive syslog messages for every new log record from
To configure ACS to send syslog messages to ACS View:
Step 1 Log in to ACS 4.1.4 or ACS 4.2.
Step 2 Choose System Configuration > Logging.
The Logging Configuration page appears.
Step 3 In the Syslog column of the ACS Reports area, click Configure corresponding to the specific report.
The Edit page appears.
Step 4 For each syslog report that you enable, check the check box in the Enable Logging area. For example, when configuring the Failed Attempts report, check the Log to Syslog Failed Attempts Report check box.
Note We recommend that you enable all syslog reports in ACS.
Step 5 In the Select Columns To Log area, choose an attribute from the Attributes column, and move it to the Logged Attributes column. For a list of the mandatory attributes that you must enable for ACS View, see Mandatory ACS Attributes for ACS View, page A-1.
Step 6 In the Syslog Servers area, enter:
• IP—Enter the ACS View IP address to configure ACS View as a syslog server for receiving this syslog report.
• Port—Enter the port number. The default port for syslog is 514.
• Max Message Length—Enter the length of the syslog message in bytes. The recommended length is 1024 bytes.
Step 7 Click Submit.
ACS View can now collect data from the ACS server using syslog.
Note Ensure that you choose all the mandatory attributes from the ACS logging page for syslog. See the User Guide for Cisco Secure Access Control Server View 4.0, for further information.
Data Collection Using package.cab
ACS View might lose some syslog messages from ACS servers due to network problem, or when ACS View is unreachable. In such events, the package.cab files serve as a backup option through which you can retrieve any missing information on any log that ACS View collects via syslog.
The package.cab file contains:
• Logs related to AAA, such as TACACS+ accounting, RADIUS accounting, passed authentication, and failed attempts.
• ACS audit logs, such as those related to ACS backup and restore, RDBMS synchronization, and database replication.
• Configuration information of ACS, if you chose to download configuration information from ACS servers.
You can download package.cab to the ACS View database, which in turn processes the downloads to identify and retrieve the missing logs.
Additionally, you can upload package.cab files to ACS View. To upload package.cab files, you must first have downloaded these files from an ACS server that is registered to ACS View.
This section describes:
• Downloading Data from ACS Servers, page 35
• Uploading package.cab to ACS View Servers, page 38
Downloading Data from ACS Servers
ACS View collects historical data from ACS servers using package.cab. You can configure ACS View to collect this data at specified intervals, or as and when you require data (also known as collecting data on demand). This section describes:
• Enabling CSV Logging in ACS, page 35
• Collecting Data At Scheduled Intervals, page 37
• Collecting Data On Demand, page 38
Enabling CSV Logging in ACS
For ACS View to extract the package.cab files from ACS, you must enable CSV logging in ACS. CSV logging in ACS servers is enabled by default.
Note If you are installing the ACS server for the first time, ensure that you enable CSV logging.
Ensure that you choose all the mandatory attributes from the ACS logging page for CSV. See the User Guide for Cisco Secure Access Control Server View 4.0, for further information.
To schedule CSV logging in ACS:
Step 1 Log in to ACS 4.1.4 or ACS 4.2.
Step 2 Choose System Configuration > Logging.
The Logging Configuration page appears.
Step 3 In the CSV column of the ACS Reports area, click Configure corresponding to a specific report.
The Edit page appears.
Note We recommend that you enable all CSV reports in ACS.
Step 4 For each CSV report that you enable, check the check box in the Enable Logging area. For example when configuring the Failed Attempts report check the Log to CSV Failed Attempts Report check box.
Step 5 In the Select Columns To Log area, choose an attribute from the Attributes column, and move it to the Logged Attributes column. For a list of the mandatory attributes that you must enable for ACS View, see User Guide for Cisco Secure Access Control Server View 4.0.
Step 6 In the Log File Management area:
• Under Generate New File, click one of the options to configure when ACS should generate a new log file
• Under Directory, enter the full path to the directory where you want ACS to place the log files.
• If you want ACS to control which log files are retained, check the Manage Directory check box and then click either of these radio buttons:
– Keep only the last X files—Enter the maximum number of log files that ACS should retain in the log directory. The default is 7 files.
– Delete files older than X days— Enter the maximum number of days that ACS should retain the log files in the log directory. The default is 7 days.
Step 7 For AAA-related reports, configure the attributes that you want ACS to log. For information about the mandatory attributes, see User Guide for Cisco Secure Access Control Server View 4.0.
Note When you use ACS Windows, ensure that you specify file management options for the CSV files.
Step 8 Click Submit.
Collecting Data At Scheduled Intervals
You can configure ACS View to download the package.cab at specific intervals. By default, this runs at 12.01 am.
To change the default schedule of data collection from ACS servers:
Step 1 Choose System Administration > ACS Servers Configuration > Data Collection.
Figure 13 shows the Data Collection page that appears.
Figure 13 Collecting Data
Step 2 In the Daily Schedule area, specify the time (24-hour format). The schedule that you specify is based on the ACS View system time zone.
Step 3 Click Update.
Note To disable a scheduled job, click the Disable radio button in the Daily Schedule area, and click Update.
Collecting Data On Demand To download package.cab on demand:
Step 1 Choose System Administration > ACS Servers Configuration > Data Collection.
Figure 13 shows the Data Collection page that appears.
Step 2 In the On Demand area, choose Download package.cab from the Choose Action drop-down list. This downloads package.cab from all individual and remote logging ACS servers.
Step 3 In the ACS Server field, click Select; a list of available ACS servers appears. Click the right arrow to transfer a server name from the Available to the Selected list. You can choose multiple servers here.
Step 4 Based on the data that you want to download, whether log or configuration data, check one or both of these check boxes:
• Retrieve ACS Logs for—For ACS log data. Also, specify the number of days in the corresponding field.
• Retrieve ACS Config—For ACS configuration data.
Step 5 Click Collect to download package.cab.
Uploading package.cab to ACS View Servers
You can upload the package.cab files that you have previously generated to ACS View.
To upload package.cab:
Step 1 Choose System Administration > ACS Servers Configuration > Data Collection.
Figure 13 shows the Data Collection page that appears.
Step 2 In the On Demand area, choose Upload Package.cab from the drop-down list.
Step 3 In the Local Directory, click Browse and navigate to the package.cab file on your system.
Step 4 Based on the data that you want to upload, whether log or configuration data, check one or both of these check boxes:
– Retrieve ACS Logs—For ACS log data.
– Retrieve ACS Config—For ACS configuration data.
Step 5 Click Collect to upload package.cab to all ACS servers that are registered with ACS View.