Cisco Acs 5x User Guide
CHAPTER 11

Monitoring and Reporting in ACS

User Guide for Cisco Secure Access Control System 5.3, OL-24201-01

The Monitoring and Reports drawer appears in the primary web interface window and contains the Launch Monitoring & Report Viewer option.

The Monitoring & Report Viewer provides monitoring, reporting, and troubleshooting capabilities for the ACS servers in your network. You can extract consolidated log, configuration, and diagnostic data from one or more ACS servers for advanced reporting and troubleshooting purposes.

You can configure the network access devices (NADs) in your network to send syslog messages to the Monitoring & Report Viewer. To do this, you must configure the logging port on the NAD to UDP 20514.

For example, to enable a NAD in your network to send syslog messages to the Monitoring & Report Viewer, you must enter the following commands on the NAD through the CLI configuration mode:

1. logging monitor informational
2. logging origin-id ip
3. logging host ip transport udp port 20514—where ip is the IP address of the Log Collector in your network.
4. epm logging

Click Launch Monitoring & Report Viewer to open the Monitoring and Reports Viewer in a secondary web interface window, which contains these drawers:

Monitoring and Reports
Monitoring Configuration. (See Managing System Operations and Configuration in the Monitoring & Report Viewer, page 15-1.)

The Monitoring and Reports drawer provides the following functionality:

Dashboard—Provides a high-level summary, updated in real time, of the ACS servers in the deployment, the authentication activity, and a summary of authentications against each identity store. See Dashboard Pages, page 11-2.

Alarms—You can define thresholds to represent acceptable system performance. Measurements are taken on an ongoing basis and compared against these thresholds. If the thresholds are exceeded, alarms are generated. See Understanding Alarms, page 12-1.

Reports—A rich set of reports are available. See Managing Reports.

Troubleshooting—Provides tools to assist in troubleshooting the ACS system, including tests for system connectivity and a tool to download support bundles. See Troubleshooting ACS with the Monitoring & Report Viewer.
Support for non-English characters (UTF-8)—You can have non-English characters in:
  – Syslog messages—Configurable attribute value, user name, and ACS named configuration objects
  – GUI input fields
  – Query pages
  – Reports and Interactive Viewer
  – Alarms
  – Dashboard lookup
  – Failure reason text

Note: In Monitoring and Reports drawer pages, you can use the page area’s down arrow (v) to hide an area’s content, and the right arrow (>) to show its content.

Related Topic
Authentication Records and Details, page 11-2

Authentication Records and Details

A primary source of information for reports is the authentication records. Reports are provided that analyze these records according to multiple categories such as the Access Service used for the request, the user or host referenced in the request, the device making the request, etc. ACS provides summaries of the authentications per instance in each category, and administrators can get additional details.

Within each authentication record there is an option to view the details of the authentication record. The details contain the following information:

Authentication Details—Full details of the authentication, which includes details from the request, the service, policies and rules selected for the requests, and the results returned in the response.
Authentication Result—The contents of the result response.
Steps—Lists the sequence of steps performed when processing the request.

The authentication details information is very helpful when trying to understand why a specific successful response was returned, or to track the steps performed when a failed response was returned.

Dashboard Pages

When you launch the Monitoring & Report Viewer, the Dashboard appears in a secondary web interface window.
ACS 5.3 provides a new customizable dashboard that contains tabs and portlets, where the Monitoring & Report Viewer consolidates your favorite queries, recent alarms and reports, and health status of ACS instances. Each of these tabs can have multiple portlets with each portlet containing an application of your choice. You can select an application from the list of available applications. By default, the Monitoring & Report Viewer provides the following tabs and applications in the Dashboard:
Note: These tabs are customizable, and you can modify or delete the following tabs.

General—The General tab lists the following:
  – Five most recent alarms—When you click the name of the alarm, a dialog box appears with the details and the status of the alarm. You can update the information in the Status tab of this dialog box to track the alarm. See Table 12-5 for a description of the fields in the Status tab.
  – Favorite reports—The favorite reports are displayed in alphabetical order. To view a report, click the name of the report. You can view this report in the Interactive Viewer. You can customize this list to include your favorite reports and can quickly launch them from the dashboard.

Troubleshooting—The Troubleshooting tab contains the following panes:
  – Live Authentications—View live authentications for the day. You can filter the records that appear in this pane.
  – My Links—You can add your favorite links to this pane.
  – NAD Show Command—You can run any show command on any NAD device from this pane. To run a NAD show command, you must:
      a. Enter the IP address of the NAD (Required).
      b. Enter the username and password for the NAD.
      c. Choose the protocol, Telnet or SSHv2 (Required).
      d. Enter the port number. The default is 23 (Required).
      e. Enter the enable password.
      f. Check the Use Console Server check box if you want to use the console server.
      g. Enter the IP address of the console server—This field is required if you check the Use Console Server check box.
      h. Enter the show command that you want to run on the NAD (Required).
    When the Monitoring & Report Viewer executes the NAD show command, it might sometimes prompt you for additional details. See Table 14-5 for a description of the fields in the Progress Details page. After you click Done, you can click Show Results Summary to view the result as shown in Table 14-6.
  – Authentication Lookup—You can use this portlet to run an authentication report with default parameters, find authentication records for a user or MAC address, and run user or endpoint summary report for a user or end point respectively. For more information on the Authentication Lookup Portlet, see Working with Authentication Lookup Portlet, page 11-5.

Authentication Trends—The Authentication Trends tab contains the following panes:
  – Authentication Trend—Provides a graphical and tabular representation of the authentication trend for up to the past 30 days. In the graphical representation, the time is plotted on the X-axis and the authentications are plotted on the Y-axis. The tabular representation provides the number of passed, failed, and dropped authentications for each day. The button at the lower-right corner of the chart ( ) allows you to toggle between the two views.
  – Top Authentications—Provides a graphical representation of the top authentications. Time is plotted on the X-axis and authentications are plotted on the Y-axis.
  – Authentication Snapshot—Provides a snapshot of authentications in the graphical and tabular formats for up to the past 30 days. In the graphical representation, the field based on which the records are grouped together is plotted on the X-axis and the authentications are plotted on the Y-axis. The tabular representation provides the Category; Pass Count; Daily, Weekly, or Monthly Pass Count; Fail Count; and Daily, Weekly, or Monthly Fail Count. The button at the lower-right corner of the chart ( ) allows you to toggle between the two views.

ACS Health—The ACS Health tab provides the system and AAA health of ACS instances. This information is available in a tabular format.
  – System status is determined by the following parameters—CPU utilization, memory utilization, disk input/output utilization, and disk usage for /opt and /local disk.
  – AAA status is determined by RADIUS and TACACS+ latency.
Hovering the mouse over the legend (Critical, Warning, Healthy) provides the criteria that determines the status of the ACS instance. For a detailed graphical representation of the ACS instance health, click the name of the ACS instance. The ACS health summary report appears. You can view this report in the Interactive Viewer.

You can configure the tabs in the Dashboard to suit your needs. See Configuring Tabs in the Dashboard, page 11-6 for more information on how to configure tabs in the Dashboard and add applications to the tabs.

Related Topics
Working with Portlets, page 11-4
Configuring Tabs in the Dashboard, page 11-6
Adding Applications to Tabs, page 11-7

Working with Portlets

A portlet is a small, self-contained window within a dashboard that displays information in the form of real-time charts, tabular reports, and so on. Each tab in the Dashboard consists of one or more portlets. Figure 11-1 shows two portlets from the General tab.
Figure 11-1 Portlets

Top 5 Alarms and My Favorite Reports appear in separate windows. You can edit each of these portlets separately. To edit a portlet, click the edit button ( ) at the upper-right corner of the window.

The Monitoring & Report Viewer allows you to customize the information in the portlets to suit your needs. You can add, edit, and delete tabs; edit application settings in portlets; and delete portlets.

Working with Authentication Lookup Portlet

You can add the Authentication Lookup Portlet to the Dashboard. To add Authentication Lookup Portlet, see Adding Applications to Tabs, page 11-7.

The Authentication Lookup Portlet contains the following fields:

Username/MAC Address—(Required for summary reports) Username of the user or the MAC address in aa-bb-cc-dd-ee-ff format. The Monitoring & Report Viewer does not accept MAC address in any other format.
View—Choose Authentication to run an authentication report or Summary for a summary report.
Time Range—Depending on the View option that you choose, the Time Range drop-down list box is populated. Choose the time range for which you want to generate the report.
Start Date—(Enabled when you choose the Custom time range option) Choose the start date.
End Date—(Enabled when you choose the Custom time range option) Choose the end date.
Protocol—Choose either RADIUS or TACACS+ from the Protocol drop-down list box. The protocol is not taken into account for endpoint summary reports.
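Because a MAC address typed in any notation other than aa-bb-cc-dd-ee-ff is handled as a username, a lookup can return an empty user report for an endpoint that did authenticate. The following Python sketch is an added example, not part of the Cisco guide or of ACS: it converts common MAC notations to the accepted one and predicts which report the portlet runs, following the field descriptions above and the rules under Running Authentication Lookup Report. The function names, the result strings, and the acceptance of upper-case hex digits are assumptions.

```python
import re

HEX2 = r"[0-9a-fA-F]{2}"
# The one notation the portlet accepts (aa-bb-cc-dd-ee-ff). Accepting
# upper-case hex digits is an assumption; the guide shows lower case only.
PORTLET_MAC = re.compile(rf"{HEX2}(?:-{HEX2}){{5}}")
# Other common notations: colon-separated, Cisco dotted, bare hex.
OTHER_MAC = re.compile(
    rf"{HEX2}(?::{HEX2}){{5}}"
    r"|[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}"
    r"|[0-9a-fA-F]{12}"
)


def normalize_mac(value):
    """Return value as aa-bb-cc-dd-ee-ff, or None if it is not a MAC address."""
    value = value.strip()
    if not (PORTLET_MAC.fullmatch(value) or OTHER_MAC.fullmatch(value)):
        return None
    digits = re.sub(r"[^0-9a-fA-F]", "", value).lower()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def predict_report(identity, view, protocol):
    """Return (report, effective protocol, warning) for the portlet inputs."""
    if view not in ("Authentication", "Summary"):
        raise ValueError("view must be Authentication or Summary")
    if protocol not in ("RADIUS", "TACACS+"):
        raise ValueError("protocol must be RADIUS or TACACS+")
    identity = identity.strip()
    if not identity:
        if view == "Summary":
            raise ValueError("Username/MAC Address is required for summary reports")
        return ("authentication report, default parameters", protocol, None)
    is_mac = bool(PORTLET_MAC.fullmatch(identity))
    warning = None
    if not is_mac and OTHER_MAC.fullmatch(identity):
        # A MAC in another notation is treated as a username by the portlet.
        warning = "looks like a MAC address; re-enter as " + normalize_mac(identity)
    if view == "Authentication":
        target = "MAC address" if is_mac else "user"
        return ("authentication report for " + target, protocol, warning)
    if is_mac:
        # Endpoint summary reports always run for RADIUS.
        return ("endpoint summary report", "RADIUS", None)
    return ("user authentication summary report", protocol, warning)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    for value in ("00-1a-2b-3c-4d-5e", "001a.2b3c.4d5e", "jsmith", ""):
        for view in ("Authentication", "Summary"):
            try:
                print(repr(value), view, predict_report(value, view, "TACACS+"))
            except ValueError as err:
                print(repr(value), view, "rejected:", err)
```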
Related Topic
Dashboard Pages, page 11-2
Running Authentication Lookup Report, page 11-6

Running Authentication Lookup Report

When you run an Authentication Lookup report, consider the following:

If you have provided the Username or MAC Address value in the format aa-bb-cc-dd-ee-ff, an authentication report is run for this MAC address.
If you have provided the Username or MAC Address value in any other format, the value is considered a username and authentication report is run for that user.
If the Username or MAC Address field is empty, an authentication report with default parameters is run for the chosen protocol and time range (similar to running a RADIUS or TACACS Authentication report in the catalog pages).
If you provide a valid MAC Address value for the Username or MAC Address field and choose the Summary View option, an endpoint summary report is run. Irrespective of the protocol that you choose, an endpoint summary report is always run for the RADIUS protocol.
If the MAC Address value that you provide is not in the prescribed format, it is assumed to be a username and a user authentication summary report is run for the chosen time range and protocol.

Configuring Tabs in the Dashboard

This section describes how to configure tabs in the Dashboard and add applications to it. This section contains:

Adding Tabs to the Dashboard
Renaming Tabs in the Dashboard
Changing the Dashboard Layout
Deleting Tabs from the Dashboard

Adding Tabs to the Dashboard

The Monitoring & Report Viewer Dashboard allows you to customize the tabs in the dashboard and the applications that are available from them. To add tabs to the Dashboard:

Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard. The Dashboard page appears.
Step 2 Click the Configure drop-down list at the upper-right corner of the Dashboard page.
Step 3 Click Add New Page.
Step 4 Enter the name of the tab that you want to create in the Add New Page text box.
Step 5 Click Add Page. A new tab of your choice is created. You can add the applications that you most frequently monitor in this tab.

Adding Applications to Tabs

To add an application to a tab:

Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard. The Dashboard page appears.
Step 2 Select the tab to which you want to add an application. If you want to add applications to a new tab, you must add the new tab to the Dashboard before you can add applications to it.
Step 3 Click the Configure drop-down list at the upper-right corner of the Dashboard page.
Step 4 Click Add Application. An Add Application window appears.
Step 5 Click View Dashboard to see the list of applications that you can add to the Dashboard. Alternatively, you can enter the name of the application in the Search Content text box. A list of applications appears.
Step 6 Click the Add link next to the application that you want to add. The application of your choice is added to the tab. You can edit the parameters in this tab.

Renaming Tabs in the Dashboard

To rename existing tabs in the Dashboard:

Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard. The Dashboard page appears.
Step 2 Select the tab that you want to rename.
Step 3 Click the Configure drop-down list at the upper-right corner of the Dashboard page.
Step 4 Click Rename Page.
Step 5 Enter the new name in the Rename Page text box.
Step 6 Click Update. The tab appears with the new name.
Changing the Dashboard Layout

You can change the look and feel of the Dashboard. ACS provides you with nine different in-built layouts. To choose a different layout:

Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard. The Dashboard page appears.
Step 2 Select the tab whose layout you wish to change.
Step 3 Click the Configure drop-down list at the upper-right corner of the Dashboard page. A list of layout options appears.
Step 4 Click the radio button next to the layout style that you want for this tab.
Step 5 Click Save to change the layout.

Deleting Tabs from the Dashboard

To delete tabs from the Dashboard:

Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard. The Dashboard page appears.
Step 2 Click the Configure drop-down list at the upper-right corner of the Dashboard page.
Step 3 Click Manage Pages.
Step 4 Select the tab that you want to delete in the Page Display Order list box.
Step 5 Click to delete the tab that you have selected.

Timesaver: Alternatively, when you hover the mouse over the name of the tab that you want to delete, an icon appears. Click this icon to delete the tab.
CHAPTER 12

Managing Alarms

The Monitoring feature in ACS generates alarms to notify you of critical system conditions. The monitoring component retrieves data from ACS. You can configure thresholds and rules on this data to manage alarms. Alarm notifications are displayed in the web interface and you can get a notification of events through e-mail and Syslog messages. ACS filters duplicate alarms by default.

This chapter contains the following sections:

Understanding Alarms
Viewing and Editing Alarms in Your Inbox
Understanding Alarm Schedules
Creating, Editing, and Duplicating Alarm Thresholds
Deleting Alarm Thresholds
Configuring System Alarm Settings
Understanding Alarm Syslog Targets

Understanding Alarms

There are two types of alarms in ACS:

Threshold Alarms, page 12-1
System Alarms, page 12-2

Threshold Alarms

Threshold alarms are defined on log data collected from ACS servers that notify you of certain events. For example, you can configure threshold alarms to notify you of ACS system health, ACS process status, authentication activity or inactivity, and so on.

You define threshold conditions on these data sets. When a threshold condition is met, an alarm is triggered. While defining the threshold, you also define when the threshold should be applied (the time period), the severity of the alarm, and how the notifications should be sent.

Fifteen categories of available alarm thresholds allow you to monitor many different facets of ACS system behavior. See Creating, Editing, and Duplicating Alarm Thresholds, page 12-11 for more information on threshold alarms.
System Alarms

System alarms notify you of critical conditions encountered during the execution of the ACS Monitoring and Reporting viewer. System alarms also provide informational status of system activities, such as data purge events or failure of the log collector to populate the View database.

You cannot configure system alarms, which are predefined. However, you do have the option to disable system alarms or decide how you want to be notified if you have enabled them.

This section contains the following topics:

Evaluating Alarm Thresholds, page 12-2
Notifying Users of Events, page 12-3

Evaluating Alarm Thresholds

ACS evaluates the threshold conditions based on a schedule. You define these schedules and, while creating a threshold, you assign a schedule to it. A schedule consists of one or more continuous or noncontinuous periods of time during the week.

For example, you can create a schedule that is active from 8:00 a.m. to 5:00 p.m., Monday through Friday. See Understanding Alarm Schedules, page 12-9 for more information. When you assign this schedule to a threshold, ACS evaluates the threshold and generates alarms only during the active period.

ACS evaluates the thresholds periodically depending on the number of thresholds that are currently enabled. Table 12-1 provides the length of the evaluation cycle for a given number of thresholds.

When an evaluation cycle begins, ACS evaluates each enabled threshold one after another. If the schedule associated with the threshold allows the threshold to be executed, ACS evaluates the threshold conditions. An alarm is triggered if the condition is met. See Creating, Editing, and Duplicating Alarm Thresholds, page 12-11 for more information.

Note: System alarms do not have an associated schedule and are sent immediately after they occur. You can only enable or disable system alarms as a whole.
Table 12-1 Evaluation Cycle of Alarm Thresholds

Number of Enabled Thresholds    Evaluation Cycle (1)
1 to 20                         Every 2 minutes
21 to 50                        Every 3 minutes
51 to 100                       Every 5 minutes

(1) If the time taken to evaluate the thresholds increases, then the evaluation cycle increases from 2 to 3 minutes, 3 to 5 minutes, and from 5 to 15 minutes. The evaluation cycle time is reset to 2, 3, and 5 minutes every 12 hours.
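The schedule and the evaluation cycle together bound how long a condition can go unevaluated, which matters when a threshold is meant to catch authentication failures outside business hours. The following Python sketch is an added example, not part of the Cisco guide or of ACS: it combines Table 12-1, its footnote, and a weekly schedule to give the latest time by which a threshold is next evaluated after an event. It assumes evaluations repeat at a fixed interval with an unknown starting offset, that schedule periods are whole hours and longer than one cycle, and all function names are hypothetical.

```python
from datetime import datetime, timedelta

# Table 12-1: (largest number of enabled thresholds, cycle in minutes).
BASE_CYCLES = [(20, 2), (50, 3), (100, 5)]
# Footnote to Table 12-1: the cycle used when evaluation is running slowly.
ESCALATED = {2: 3, 3: 5, 5: 15}
MINUTE = timedelta(minutes=1)


def base_cycle(enabled):
    """Evaluation cycle in minutes for a number of enabled thresholds."""
    for limit, minutes in BASE_CYCLES:
        if 1 <= enabled <= limit:
            return minutes
    raise ValueError("Table 12-1 covers 1 to 100 enabled thresholds")


def in_schedule(when, schedule):
    """schedule maps weekday (0 = Monday) to a list of (start_hour, end_hour)."""
    periods = schedule.get(when.weekday(), [])
    return any(start <= when.hour < end for start, end in periods)


def latest_next_evaluation(event, enabled, schedule, slow=False):
    """Latest time by which the threshold is evaluated again after event."""
    cycle = base_cycle(enabled)
    if slow:
        cycle = ESCALATED[cycle]
    # If a whole cycle fits inside the current active period, an
    # evaluation must fall within it.
    if all(in_schedule(event + i * MINUTE, schedule) for i in range(cycle + 1)):
        return event + timedelta(minutes=cycle)
    # Otherwise the next guaranteed evaluation is within one cycle of the
    # start of the next active period (search one week ahead).
    t = event.replace(second=0, microsecond=0) + MINUTE
    for _ in range(8 * 24 * 60):
        if in_schedule(t, schedule) and not in_schedule(t - MINUTE, schedule):
            return t + timedelta(minutes=cycle)
        t += MINUTE
    raise ValueError("schedule has no active period")


if __name__ == "__main__":
    # The schedule from the text: 8:00 a.m. to 5:00 p.m., Monday to Friday.
    business_hours = {day: [(8, 17)] for day in range(5)}
    # Constructed event times (2024-01-05 is a Friday).
    for event in (datetime(2024, 1, 3, 10, 0), datetime(2024, 1, 5, 16, 59)):
        print(event, "->", latest_next_evaluation(event, 12, business_hours))
```

With the business-hours schedule, an event late on Friday afternoon is not guaranteed an evaluation until Monday morning, so thresholds that must cover nights and weekends need a schedule that is active then.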