19-3
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 19 Understanding Logging
About Logging
Note: For complex configuration items or attributes, such as policy or DACL contents, the new
attribute value is reported as "New/Updated" and the audit does not contain the actual attribute
value or values.
ACS administrator access—Logs all events that occur when an administrator accesses the
system until the administrator logs out. It logs whether the administrator exits ACS with an
explicit request or if the session has timed out. This log also includes login attempts that fail
due to account inactivity. Login failures along with failure reasons are logged.
ACS operational changes—Logs all operations requested by administrators, including
promoting an ACS from your deployment as the primary, requesting a full replication,
performing software downloads, doing a backup or restore, generating and restoring PACs, and
so on.
Internal user password change—Logs all changes made to internal user passwords across all
management interfaces.
In addition, the administrative and operational audit messages must be logged to the local store. You
can optionally log these messages to remote logging targets (see Local Store Target, page 19-5).
AAA audit, which can include RADIUS and TACACS+ successful or failed authentications,
command-access passed or failed authentications, password changes, and RADIUS request
responses.
AAA diagnostics, which can include authentication, authorization, and accounting information for
RADIUS and TACACS+ diagnostic requests and RADIUS attributes requests, and identity store and
authentication flow information. Logging these messages is optional.
System diagnostic, which can include system startup and system shutdown, and logging-related
diagnostic messages:
Administration diagnostic messages related to the CLI and web interface
External server-related messages
Local database messages
Local services messages
Certificate-related messages
Logging these messages is optional.
System statistics, which contains information on system performance and resource utilization. It
includes data such as CPU and memory usage and process health and latency for handling requests.
Accounting, which can contain TACACS+ network access session start, stop, and update messages,
as well as messages that are related to command accounting. In addition, you can log these messages
to the local store. Logging these messages is optional.
The log messages can be contained in the logging categories as described in this topic, or they can be
contained in the logging subcategories. You can configure each logging subcategory separately, and its
configuration does not affect the parent category.
In the ACS web interface, choose System Administration > Configuration > Logging Categories >
Global to view the hierarchical structure of the logging categories and subcategories. In the web
interface, choose Monitoring and Reports > Catalog to run reports based on your configured logging
categories.