Cisco Systems OL-24201-01 manual 19-3

Chapter 19 Understanding Logging

About Logging

Note For complex configuration items or attributes, such as policy or DACL contents, the new attribute value is reported as "New/Updated" and the audit does not contain the actual attribute value or values.

–ACS administrator access—Logs all events that occur when an administrators accesses the system until the administrator logs out. It logs whether the administrator exits ACS with an explicit request or if the session has timed out. This log also includes login attempts that fail due to account inactivity. Login failures along with failure reasons are logged.

–ACS operational changes—Logs all operations requested by administrators, including promoting an ACS from your deployment as the primary, requesting a full replication, performing software downloads, doing a backup or restore, generating and restoring PACs, and so on.

–Internal user password change—Logs all changes made to internal user passwords across all management interfaces.

In addition, the administrative and operational audit messages must be logged to the local store. You can optionally log these messages to remote logging targets (see Local Store Target, page 19-5).

•AAA audit, which can include RADIUS and TACACS+ successful or failed authentications, command-access passed or failed authentications, password changes, and RADIUS request responses.

•AAA diagnostics, which can include authentication, authorization, and accounting information for RADIUS and TACACS+ diagnostic requests and RADIUS attributes requests, and identity store and authentication flow information. Logging these messages is optional.

•System diagnostic, which can include system startup and system shutdown, and logging-related diagnostic messages:

–Administration diagnostic messages related to the CLI and web interface

–External server-related messages

–Local database messages

–Local services messages

–Certificate related messages

Logging these messages is optional.

•System statistics, which contains information on system performance and resource utilization. It includes data such as CPU and memory usage and process health and latency for handling requests.

•Accounting, which can contain TACACS+ network access session start, stop, and update messages, as well as messages that are related to command accounting. In addition, you can log these messages to the local store. Logging these messages is optional.

The log messages can be contained in the logging categories as described in this topic, or they can be contained in the logging subcategories. You can configure each logging subcategory separately, and its configuration does not affect the parent category.

In the ACS web interface, choose System Administration > Configuration > Logging Categories > Global to view the hierarchical structure of the logging categories and subcategories. In the web interface, choose Monitoring and Reports > Catalog to run reports based on your configured logging categories.