Cisco Acs 5x User Guide
Have a look at the manual Cisco Acs 5x User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
13-7 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Step 7Click Save. The report is saved in your Shared folder and is available for all users. Working with Catalog Reports Catalog reports are system reports that are preconfigured in ACS. This section contains the following: Available Reports in the Catalog, page 13-7 Running Catalog Reports, page 13-11 Deleting Catalog Reports, page 13-13 Running Named Reports, page 13-13 Changing Authorization and Disconnecting Active RADIUS Sessions, page 13-18 Customizing Reports, page 13-20 Restoring Reports, page 13-20 Available Reports in the Catalog Table 13-2 describes the reports available when you select Monitoring and Reports, launch Monitoring & Report Viewer, then select Monitoring and Reports > Reports > Catalog. Table 13-2 Available ACS Reports Report Name Description Logging Category AAA Protocol AAA diagnostics Provides AAA diagnostic details based on severity for a selected time period.Policy diagnostics, identity stores diagnostics, authentication flow diagnostics, RADIUS diagnostics, TACACS+ diagnostics Authentication Trend Provides RADIUS and TACACS+ authentication summary information for a selected time period; along with a graphical representation.Passed authentications, failed attempts RADIUS Accounting Provides user accounting information based on RADIUS for a selected time period.RADIUS accounting RADIUS Authentication Provides RADIUS authentication details for a selected time period.Passed authentications, failed attempts TACACS Accounting Provides user or command accounting information for TACACS+ authentications for a selected time period.TACACS accounting TACACS Authentication Provides TACACS+ authentication details for a selected time period.Passed authentications, failed attempts TACACS Authorization Provides TACACS+ authorization details for a selected time period.Passed authentications, failed attempts Access Service
13-8 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Access Service Authentication SummaryProvides RADIUS and TACACS+ authentication summary information for a particular access service for a selected time period; along with a graphical representation.Passed authentications, failed attempts Top N Authentications By Access ServiceProvides the top N passed, failed, and total authentication count for RADIUS and TACACS+ authentications with respect to the access service for a selected time period.Passed authentications, failed attempts ACS Instance ACS Administrator EntitlementShows the role of the administrator in ACS and the: Tasks in ACS that the administrator is entitled to access Privileges that the administrator has for each of those operationsNone ACS Administrator Logins Provides access-related events for administrators that includes login, logout, events, and reasons for failed login attempts.Administrative and operational audit ACS Configuration Audit Provides all the configuration changes done in ACS by the administrator for a selected time period.Administrative and operational audit ACS Health Summary Provides the CPU, memory utilization, RADIUS and TACACS+ latency and throughput (in tabular and graphical formats). It also gives process status, process downtime, and disk space utilization for a particular ACS instance in a selected time period.System statistics ACS Instance Authentication SummaryProvides RADIUS and TACACS+ authentication summary information for a particular ACS instance for a selected time period; along with a graphical representation. This report could take several minutes to run depending on the number of records in the database. When you reload this report, if rate of incoming syslog messages is around 150 messages per second or more, the total number of passed and failed authentications that appear above the graph and the passed and failed authentication count that is displayed in the table do not match.Passed authentications, failed attempts ACS Log Information Provides ACS log information for a particular log category and ACS server for a selected time period.All log categories ACS Operations Audit Provides all the operational changes done in ACS by the administrator for a selected time period.Administrative and operational audit Table 13-2 Available ACS Reports (continued) Report Name Description Logging Category
13-9 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports ACS System Diagnostics Provides system diagnostic details based on severity for a selected time period.Internal Operations Diagnostics, distributed management, administrator authentication and authorization Top N Authentication by ACS InstanceProvides the top N passed, failed, and total authentication count for RADIUS and TACACS+ protocol with respect to a particular ACS instance for a selected time period.Passed authentications, failed attempts User Change Password Audit Provides the username of the internal user, identity store name, name of the ACS instance, and time when the user password was changed. Helps to keep track of all changes made to internal user passwords across all ACS interfaces.Administrative and operational audit Endpoint Endpoint MAC Authentication SummaryProvides the RADIUS authentication summary information for a particular MAC or MAB for a selected time period; along with a graphical representation.Passed authentications, failed attempts Top N Authentications By Endpoint MAC AddressProvides the top N passed, failed, and total authentication count for RADIUS protocol with respect to MAC or MAB address for a selected time period.Passed authentications, failed attempts Top N Authentications By MachineProvides the top N passed, failed, and total authentication count for RADIUS protocol with respect to machine information for a selected time period.Passed authentications, failed attempts Failure Reason Authentication Failure Code LookupProvides the description and the appropriate resolution steps for a particular failure reason.N/A Failure Reason Authentication SummaryProvides the RADIUS and TACACS+ authentication summary information for a particular failure reason; along with a graphical representation for a selected time period.Failed attempts Top N Authentications By Failure ReasonProvides the top N failed authentication count for RADIUS and TACACS+ protocols with respect to Failure Reason for a selected time period.Failed attempts Network Device AAA Down Summary Provides the number of AAA unreachable events that a NAD logs within a selected time period.N/A Network Device Authentication SummaryProvides the RADIUS and TACACS+ authentication summary information for a particular network device for a selected time period, along with the graphical representation.Passed authentications, failed attempts Network Device Log MessagesProvides you the log information of a particular network device, for a specified time period.N/A Table 13-2 Available ACS Reports (continued) Report Name Description Logging Category
13-10 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Session Status Summary Provides the port sessions and status of a particular network device obtained by SNMP. This report uses either the community string provided in the report or the community string configured in the web interface Monitoring And Reports -> Launch Monitoring And Report Viewer -> Monitoring Configuration -> SNMP Settings.N/A Top N AAA Down By Network DeviceProvides the number of AAA down events encountered by each of the network devices.N/A Top N Authentications by Network DeviceProvides the top N passed, failed, and total authentication count for RADIUS and TACACS+ protocols with respect to network device for a selected time period.Passed authentications, failed attempts Security Group Access RBACL Drop Summary Provides a summary of RBACL drop events for a selected time period.N/A SGT Assignment Summary Provides a summary of SGT assignments for a selected time period.Passed authentications Top N RBACL Drops By DestinationProvides the top N RBACL drop event count with respect to destination for a selected time period.N/A Top N RBACL Drops By UserProvides the top N RBACL drop event count with respect to the user for a selected time period.N/A Top N SGT Assignments Provides the top N SGT assignment count for a selected time period.Passed authentications Session Directory RADIUS Active Sessions Provides information on RADIUS authenticated, authorized, and started sessions. ACS 5.3 introduces the Change of Authorization (CoA) feature through the RADIUS Active Sessions report, which allows you to dynamically control active RADIUS sessions. With this feature, you can send a reauthenticate or disconnect request to a NAD to: Reauthenticate the user Terminate the session Terminate the session and restart the port Terminate the session and shut down the portPassed authentications, RADIUS accounting RADIUS Session History Provides a summary of RADIUS session history, such as total authenticated, active, and terminated sessions and total and average session duration and throughput for a selected time period.Passed authentications, RADIUS accounting Table 13-2 Available ACS Reports (continued) Report Name Description Logging Category
13-11 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Running Catalog Reports To run a report that is in the Catalog: Step 1Select Monitoring & Reports > Reports > Catalog > report_type, where report_type is the type of report you want to run. The available reports for the report type you selected are displayed with the information shown in Table 13-3. RADIUS Terminated SessionsProvides all the RADIUS terminated session information for a selected time period.Passed authentications, RADIUS accounting TACACS Active Sessions Provides information on TACACS+ active sessions.TACACS accounting TACACS Session History Provides TACACS+ session history summary, such as total active and terminated sessions and total and average session duration and throughput for a selected time period.TACACS accounting TACACS Terminated SessionsProvides TACACS terminated session details for a selected time period.TACACS accounting User Top N Authentications By UserProvides top N passed, failed, and total authentication count for RADIUS and TACACS+ protocol with respect to users for a selected time period.Passed authentications, failed attempts User Authentication SummaryProvides RADIUS and TACACS+ authentication summary information for a particular user for a selected time period; along with the graphical representation.Passed authentications, failed attempts Table 13-2 Available ACS Reports (continued) Report Name Description Logging Category Table 13-3 Page Option Description Report Name Available reports based on the report type you selected.
13-12 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Ty p e Ty p e o f r e p o r t . Modified At Time that the associated report was last modified by an administrator, in the format Ddd Mmm dd hh:mm:ss timezone yyyy, where: Ddd = Sun, Mon, Tue, Wed, Thu, Fri, Sat. Mmm = Jan, Feb, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec. dd = A two-digit numeric representation of the day of the month, from 01 to 31. hh = A two-digit numeric representation of the hour of the day, from 00 to 23. mm = A two-digit numeric representation of the minute of the hour, from 00 to 59. ss = A two-digit numeric representation of the second of the minute, from 00 to 59. timezone = The time zone. yyyy = A four-digit representation of the year. Table 13-3 Page (continued) Option Description
13-13 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Step 2Click the radio button next to the report name you want to run, then select one of the options under Run: Run for Today—The report you specified is run and the generated results are displayed. Run for Yesterday—The report you specified is run using the previous day’s values and the generated results are displayed. Query and Run—The Run Report screen appears where you can enter parameters to use when generating the report. Step 3Click Reset Reports to revert to the default report parameters. A message appears asking you to confirm whether to reset the system report files in the catalog to the factory default. Step 4Click Launch Interactive Viewer for more options. Related Topics Available Reports in the Catalog, page 13-7 Deleting Catalog Reports, page 13-13 Understanding the Report_Name Page, page 13-15 Deleting Catalog Reports To delete a report from the Reports > Catalog pages: Step 1Select Monitoring & Reports > Reports > Catalog > report_type, where report_type is the type of report that you want to delete. NoteYou cannot delete system reports from the Reports > Catalog pages; you can delete customized reports only. Step 2Check one or more check boxes next to the reports you want to delete, and click Delete. Step 3Click OK to confirm that you want to delete the selected report(s). The Catalog listing page appears without the deleted report. Running Named Reports Use this page to run reports on specific named reports. Select Monitoring & Reports > Reports > Catalog > report_type >report_name, where report_type is the type of report (see Table 13-3), and report_name is the name of the report that you want to access or run. Table 13-4 describes the available types and names on which you can run reports.
13-14 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Table 13-4 Reports > Report Types and Names AAA Protocol AAA Diagnostics Authentication Trend RADIUS Accounting RADIUS Authentication TACACS Accounting TACACS Authentication TACACS Authorization Access Service Access Service Authentication Summary Top N Authentications By Access Service ACS Instance ACS Administrator Entitlement ACS Administrator Logins ACS Configuration Audit ACS Health Summary ACS Instance Authentication Summary ACS Log Information ACS Operations Audit ACS System Diagnostics Top N Authentications By ACS Instance User Change Password Audit Endpoint Endpoint MAC Authentication Summary Top N Authentications By Endpoint MAC Address Top N Authentications By Machine Failure Reason Authentication Failure Code Lookup Failure Reason Authentication Summary Top N Authentications By Failure Reason Network Device AAA Down Summary Network Device Authentication Summary Network Device Log Messages Session Status Summary Top N AAA Down By Network Device Top N Authentications By Network Device Security Group Access RBACL Drop Summary SGT Assignment Summary Top N RBACL Drops By Destination Top N RBACL Drops By User Top N SGT Assignments
13-15 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Related Topics Working with Catalog Reports, page 13-7 Understanding the Report_Name Page, page 13-15 Understanding the Report_Name Page NoteNot all options listed in Ta b l e 1 3 - 5 are used in selecting data for all reports. Session Directory RADIUS Active Sessions RADIUS Session History RADIUS Terminated Sessions TACACS Active Sessions TACACS Session History TACACS Terminated Sessions User Top N Authentications By User User Authentication Summary Table 13-4 Reports > Report Types and Names (continued) Table 13-5 Page Option Description User Enter a username or click Select to enter a valid username on which to configure your threshold. MAC Address Enter a MAC address or click Select to enter a valid MAC address on which to run your report. Identity Group Enter an identity group name or click Select to enter a valid identity group name on which to run your report. Device Name Enter a device name or click Select to enter a valid device name on which to run your report. Device IP Enter a device IP address or click Select to enter a valid device IP address on which to run your report. SNMP Community Configure SNMP preferences to authenticate access to MIB objects. For more information, see Configuring SNMP Preferences, page 15-15. This community string is used by ACS to query information using SNMP on AAA client, and cannot used by SNMP manager to query MIB information on ACS. Device Group Enter a device group name or click Select to enter a valid device group name on which to run your report. Access Service Enter an access service name or click Select to enter a valid access service name on which to run your report Identity Store Enter an identity store name or click Select to enter a valid identity store name on which to run your report. ACS Instance Enter an ACS instance name or click Select to enter a valid ACS instance name on which to run your report.
13-16 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Catalog Reports Failure Reason Enter a failure reason name or click Select to enter a valid failure reason name on which to run your report. Protocol Use the drop down list box to select which protocol on which you want to run your report. Valid options are: RADIUS TA C A C S + Authentication StatusUse the drop down list box to select which authentication status on which you want to run your report. Valid options are: Pass Or Fail Pass Fail Radius Audit Session IDEnter the RADIUS audit session identification name on which you want to run a report. ACS Session ID Enter the ACS session identification name on which you want to run a report. Severity Use the drop down list box to select the severity level on which you want to run a report. This setting captures the indicated severity level and those that are higher within the threshold. Valid options are: Fatal Error Wa r n i n g Info Debug End Point IP AddressEnter the end point IP address on which you want to run a report. Command Accounting OnlyCheck the check box to enable your report to run for command accounting. Top Use the drop down list box to select the number of top (most frequent) authentications by access service on which you want to run your report. Valid options are: 10 50 100 500 1000 All By Use the drop down list box to select the type of authentications on which you want to run your report. Valid options are: Passed Authentications Failed Authentications Total Authentications Table 13-5 Page (continued) Option Description