CHAPTE R
19-1
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
19
Understanding Logging
This chapter describes logging functionality in ACS 5.4. Administrators an d users use the various
management interfaces of ACS to perform different tasks. Using the administrative access control
feature, you can assign permissions to administrators and users to perform different tasks.
Apart from this, you also need an option to track the various acti ons performed by the administrators and
users. ACS offers you several logs that you can use to track these actions and events.
This chapter contains the following sections:
About Logging, page 19-1
ACS 4.x Versus ACS 5.4 Logging, page19-12

About Logging

You can gather the following logs in ACS:
Customer Logs—For auditing and troubleshooting your ACS, including logs tha t record daily
operations, such as accounting, auditing, and system-level diagnostics.
Debug logs—Low-level text messages that you can export to Cisco technical support for evaluation
and troubleshooting. You configure ACS debug logs, using the command line interface. Specifically,
you enable and configure severity levels of the ACS debug logs using the command line interface.
See Command Line Interface Reference Guide for Cisco Secure Access Control System 5.4 for more
information.
Platform logs—Log files generated by the ACS appliance operating system.
Debug and platform logs are stored locally on each ACS server. Customer logs can be viewed centrally
for all servers in a deployment.
You can use the following ACS interfaces for logging:
Web interface—This is the primary logging interface. You can configure which messages to log and
to where you want the messages logged.
Command line interface (CLI)—Allows you to display and download logs, d ebug logs, and debug
backup logs to the local target. The CLI also allows you to display and download platform logs. See
Command Line Interface Reference Guide for Cisco Secure Access Control System 5.4 for more
information.