Chapter 1 Overview
AAA Server Functions and Concepts
1-22
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Accounting
AAA clients use the accounting functions provided by the RADIUS and
TACACS+ protocols to communicate relevant data for each user session to the
AAA server for recording. Cisco Secure ACS writes accounting records to a
comma-separated value (CSV) log file or ODBC database, depending upon your
configuration. You can easily import these logs into popular database and
spreadsheet applications for billing, security audits, and report generation. You
can also use a third-party reporting tool to manage accounting data. For example,
aaa-reports! by Extraxi supports Cisco Secure ACS (http://www.extraxi.com).
Among the types of accounting logs you can generate are the following:
•TACACS+ Accounting—Lists when sessions start and stop; records AAA
client messages with username; provides caller line identification
information; records the duration of each session.
•RADIUS Accounting—Lists when sessions stop and start; records AAA
client messages with username; provides caller line identification
information; records the duration of each session.
•Administrative Accounting—Lists commands entered on a network device
with TACACS+ command authorization enabled.
For more information about Cisco Secure ACS logging capabilities, see
Chapter 11, “Logs and Reports”.
Other Accounting-Related Features
In addition to the accounting-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
•Centralized logging, allowing several Cisco Secure ACS for Windows Server
installations to forward their accounting data to a remote Cisco Secure ACS
(see Remote Logging, page 11-26).
•Configurable supplementary user ID fields for capturing additional
information in logs (see User Data Configuration Options, page 3-3).
•Configurable logs, allowing you to capture as much information as needed
(see Accounting Logs, page 11-6).