Logging remotely on CISCO ACS 5 1120
Hello
I configured the device that all works well
We have a remote syslog server, and I have configured its details under 'remote log targets' and in the logging categories.
But I don't see any logs on my syslog server.
NOTE: In the log collector settings, the current log collector is defined as the local unit; I am unable to change it to the remote syslog server.
Kindly advise.
Best regards
Lunedor
No problem
Regards
Bellefroid
Please evaluate the useful message
Tags: Cisco Security
Similar Questions
-
Cisco ACS 3.1 and Logging of Nortel Passport CLI commands
Good afternoon
We are trying to log CLI commands in Cisco ACS version 3.1 from a Nortel Passport 8600. The version of the code that runs on the Passport does not support TACACS+.
Passports authenticate OK but don't log any command information. I "think" the problem may be that the Nortel RADIUS VSA for the cli-commands attribute, 195, is not collected by ACS.
Does anyone know how I would go to get this added to the existing list of Radius (Nortel) VSA?
Thank you very much
Kind regards
Flett.
Foisy,
You must add the attribute Nortel 193-195 to activate the posting of the order.
Unfortunately you can't download on code 3.x, you will need to upgrade acs to the 4.x code.
Kind regards
~ JG
Note the useful messages
-
Upgrade to Cisco acs 1120 to 4.2.1.15 help
Hi all
I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.
There are any server distribution for the upgrade. Please suggest on this, thank you
Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;
http://Tools.Cisco.com/Squish/d4e4A
Here are the files you need to download:
ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
Note: apply the management upgrade first and then the software update.
Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)
Upgrade an application of 4.2.1.15
I hope this helps.
Rgds, jousset
Note the useful posts ~
-
The upgrade to Cisco ACS SE and Remote Agent
Hello
Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.
I am little confused with information available for upgrade scenarios. Appearing on the current working versions.
Cisco ACS SE - version 4.1 Build 23 5 Patch 1
Cisco ACS Remote Agent version 4.2 (0.124)
The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.
My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.
Thanks in advance!
Yes, it is not possible to upgrade the existing ACS 4.1 to ACS 5.2. They are two different boxes that run on different platforms.
Unfortunately ACS 4.x does not support Windows 2008 R2.
ACS 5.2 is the only option left, and you will need to buy a new, separate box with a new license for this.
Regards
Bellefroid
Note the useful messages
-
Version of Cisco ACS 1121 5.3 - logging
Hello
I am new to Cisco ACS 5.X. What I've read, the Cisco ACS can act as a logging server. Does this mean, all messages from syslog to all other network and ACS devices can be stored by ACS? I'm a little confused on that part.
Finally, I understand that Cisco ACS has many or perhaps 2 instances? When we use these instance? What is this instance?
Kind regards
RAM
In the deployment, you must specify one ACS as the Logcollector server. All other servers send their logs to the Logcollector.
http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...
In a distributed deployment, each acs server is an instance. If you have a main instance and multiple secondary instances.
http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...
Sent by Cisco Support technique iPad App
-
Cisco ACS SE TACACS+ accounting fails
Hello
I'm running Cisco ACS SE 4.1.23.5. My problem is that the ACS doesn't log anything from the remote switches. I have configured the following accounting commands:
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
When I enable aaa accounting debugging, I get the following logs on the switch.
001091: 12 sep 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): method = tacacs+ (tacacs+)
001092: 12 sep 12:06:06.665 TSB: TAC+: (2684940942): received the status of response acct = SUCCESS
001093: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port: 'show running-config'
001094: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: find the "default" list
001095: 12 sep 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): method = tacacs+ (tacacs+)
001096: 12 sep 12:06:12.000 TSB: TAC+: (1583033889): received the status of response acct = SUCCESS
001097: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port: 'configure terminal'
001098: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: find the "default" list
001099: 12 sep 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): method = tacacs+ (tacacs+)
001100: 12 sep 12:08:16.504 TSB: TAC+: (1098049616): received the status of response acct = SUCCESS
001101: 12 sep 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
It seems that the switch is getting a response but the ACS does not record it. I have updated the ACS to the latest patch (4.1.23.5), which is supposed to resolve this known bug.
Is there something that I am missing?
Thank you.
ESD
And what do you get in the TACACS+ Administration logs?
Kind regards
Prem
-
Cisco ACS 4.1 with external AD for authentication
Hello
We have just configured the Cisco ACS 4.1 solution engine and are using a Windows 2003 domain controller as a remote agent. We use TACACS+ as the protocol.
Users that are created in ACS itself are able to connect to various network devices, but users in the domain (Active Directory) cannot connect. We get the access denied message. At the same time we get the "external DB is not operational" message in ACS.
Active directory server where agent that runs in CSWINAgentlog, we get the following error 'NDLIB'... FOUND 0 TRUSTED DOMAIN.
Could you please help us to isolate the problem.
Thank you & best regards
Make sure that the version of ACS and of the remote agent software is the same. Also, the account that runs the remote agent must have domain administrator rights and special rights, such as "Act as part of the operating system" and "Log on as a service".
Kind regards
~ JG
-
Cisco ACS 5.1 and RSA Authentication Manager 6.1
Hi all
We recently got a Cisco Secure ACS 1120 and I upgraded the unit from 5.0 to 5.1 with all your support.
Now, I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1. I have config file of RSA ACE Server successfully downloaded and exported to 1120 ACS.
I also added as NetOS Agent ACS in the RSA server during the process, I found a few warnings. The ACE Server is not able to resolve the IP address to the name (is it necessary?).
I have not created any file of secret key for communication between FAC and RSA and I used encryption is FOR.
Now, when I log into ACS and search for devices in the identity store sequences I am not able to get the RSA Token Server.
Let me know what went wrong, where I can fix it, and also please tell me what the communication between the RSA and ACS is?
Hoping that you guys help me as usual when I'm in a hurry...
Sree
Were you able to successfully create the RSA identity server. After selecting the sdconf.rec and you press on submit what happened? The RSA instance created OK?
If you go to
Users and identity stores > external identity stores > RSA SecurID Token servers, what do you see in the list?
-
How can I use Cisco ACS to save Shell commands
Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting and authentication logs but no log that shows the commands issued by users in the shell, and it's the most important log that I need. I read materials and downloaded articles on the Cisco site... but the thing still does not give me the logs.
I have these lines on my router:
...
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 15 default if-authenticated
aaa authorization network default group tacacs+
...
It's funny, when I turn on AAA authorization debugging on the router, it shows me every command being sent by the user in the debug log. But nothing shows under TACACS+ Administration on the Cisco Secure ACS. What is responsible for this?
*****************************************************
I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.
If I understand what you're asking correctly, the answer is not in authorization; it is in accounting. I set this up on my routers to send to ACS the commands that privilege level 15 users enter on the router.
aaa accounting commands 15 default start-stop group tacacs+
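The difference between the two configurations in this thread can be checked mechanically. The following is an added example, not code from the original posters: it scans an IOS configuration for privilege levels that have command authorization but no command accounting sent to TACACS+. The function names and the sample configurations (built from the lines quoted above) are constructed for illustration, and only the built-in `group tacacs+` method is recognised.

```python
import re

# Matches e.g. "aaa accounting commands 15 default start-stop group tacacs+"
AAA_CMD_RE = re.compile(
    r"^\s*aaa\s+(authorization|accounting)\s+commands\s+(\d+)\s+(\S+)\s+(.*)$",
    re.IGNORECASE,
)

def audit_command_logging(config_text):
    """Return {level: {"authorization": [...], "accounting": [...]}}."""
    levels = {}
    for line in config_text.splitlines():
        m = AAA_CMD_RE.match(line)
        if not m:
            continue  # e.g. "aaa authorization config-commands" has no level
        kind, level, list_name, methods = m.groups()
        entry = levels.setdefault(
            int(level), {"authorization": [], "accounting": []}
        )
        entry[kind.lower()].append((list_name, methods.lower().split()))
    return levels

def levels_without_command_accounting(config_text):
    """Levels whose commands are authorized but never sent as accounting."""
    missing = []
    for level, entry in sorted(audit_command_logging(config_text).items()):
        sends_accounting = any(
            "tacacs+" in methods for _, methods in entry["accounting"]
        )
        if entry["authorization"] and not sends_accounting:
            missing.append(level)
    return missing

# Constructed sample: the configuration from the question.
QUESTION_CONFIG = """\
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 15 default if-authenticated
aaa authorization network default group tacacs+
"""

# Constructed sample: the same configuration plus the line from the answer.
FIXED_CONFIG = QUESTION_CONFIG + (
    "aaa accounting commands 15 default start-stop group tacacs+\n"
)

if __name__ == "__main__":
    print("question:", levels_without_command_accounting(QUESTION_CONFIG))
    print("fixed:   ", levels_without_command_accounting(FIXED_CONFIG))
```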
-
Problem with Cisco ACS and different areas
Hello
We are conducting currently a problem with Cisco ACS that we put in place, and I'll try to describe:
We have ACS related directory AD areas, where we have 2 domains and appropriate group mappings.
Then we have our Cisco switches with the following configuration,
aaa new-model
aaa authentication fail-message ^CCCC
Failled to authenticate!
Please IT networks Contact Group for more information.
^C
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
But the problem is that with the users in a domain, we can authenticate, but not the other. Basically, the question is that when we check on the past of authentication, two authentications are passage and the display of 'Authentic OK', but on the side of the switch, there is a power failure.
There may be something wrong with the ACS?
Thank you
Jorge
Try increasing the timeout on IOS device using radius-server timeout 10.
Do we not have journaling enabled on the ACS server remotely?
-Philou
-
Cisco ACS 5.8 CLI admin account lockout
Hi all
We recently deployed device Cisco ACS 3495 and running on a version 5.8.
Everything seems well while our for the CLI admin account was locked out.
Found a bug in Cisco for the same problem with version 5.5, but no solution yet...
ACS 5.5 CLI Admin account locked and no Log Message
Someone out there who might have encountered the same issue and can help advise?
Thank you and best regards,
NDA
Hello
Unfortunately, the only solution for this is the DVD of password recovery.
Once fixed, you can increase the car locked out amounted to something greater than the default value of Cisco.
-
RADIUS does not work on Cisco ACS SE v4.1 (1)
Hello
I have a CiscoSecure ACS version 4.1 (1) build 23.
I can't configure the Cisco ACS for granular control of access router. I have a Netopia Router that is configured to use RADIUS to authenticate remotely for a telnet connection. The router sends the request to access the Cisco ACS SE RADIUS and a sniff on the side of the ACS shows the application of GBA, but I see no response from the ACS. RADIUS authentication to work with a Windows 2003 server.
I configured an AAA client and a user on the ACS and use the default group. I use IETF RADIUS. What attributes should I configure? In Windows, I use Service-Type Framed and Framed-Protocol PPP. This does not work with the Cisco ACS SE. Nothing shows up in the logs. It shouldn't be so difficult, but for some reason I can't make it work.
Thanks for any help.
Jutta Kullmann
Jutta,
Good to know it works very well. Please mark this thread as solved so other can benefit from.
Kind regards
~ JG
-
Cisco ACS and the domain controller
Hello
We are currently using the Cisco ACS 3.2.3.11 solution engine and using a Windows domain as a remote agent controller.
We now have the ACS to 4.1
1. do I need to upgrade the remote agent on the domain controller as well?
2. any computer on the network can be used as a Distribution Server?
3. after an initial backup and upgrade then to 3.3.3.3 I make another backup before the upgrade to 4.1?
You can use any PC in the network as a Distribution Server.
-
Cisco ACS 5.2 with NX - OS (Nexus) devices user - questions
Hey, I have a really strange problem with Cisco ACS 5.2 and Nexus NX - OS devices.
I create an account on ACS, let's call him User1 and give privilege 15. With User1, I am able to access on all our IOS, IOS - XE, ASA and PIX devices with privilege 15.
When I use the User1 account in our NEXUS devices, I do NOT receive the access privilege 15. As you probably know, the NEXUS devices have roles: predefined or custom roles. So I assumed I would get the role of "network-admin" (15 private read/write) User1 when you connect, but instead I got the role of 'vdc-operator' (private 1 read-only).
Then I tried to tweak User1 and give it network-admin under Shell Profile > Custom Attributes. I logged in to the NEXUS and of course I was able to get network-admin access. However, my access to ALL other devices (IOS, ASA, PIX, etc.) does NOT work! I am not even able to connect with my login and my password to these devices.
Has anyone ever experience this problem? Help, please!
Thank you
neocec
This is a common problem when you mix RBAC and IOS devices in authorization policies. The AV pair that you created must be set to 'optional' instead of 'mandatory'; please make this change and you will be able to access all your devices.
Thank you
Tarik
-
Hello
I just installed Cisco ACS 5.5.0.46. We managed to get Juniper devices to authenticate using RADIUS.
The problem is that the authentication logs are empty.
I intend to patch the ACS of Update Rollup 4 for tonight, hoping that it can fix the problem.
Can someone advise?
Regards
Vijay
Good to hear your issue was resolved. Also, thank you for taking the time to come back and post the solution to the problem! (+ 5 from me). Now, if your issue is resolved, please check the thread as "answered" :)