ACS Reports

ACS has the capability to provide you, the network administrator, with a number of report logs and can give you information about Remote Authentication Dial-In User Service (RADIUS) interaction with authentication, authorization, and accounting (AAA) clients, TACACS+ interaction with AAA clients, and many other aspects of your AAA environment. You can see a list of these reports in the ACS interface by selecting the Reports and Activity page. Your display is seen in Figure 12-1.

Figure 12-1. Reports and Activity

The numerous types of reports that ACS is capable of maintaining are stored as either comma-separated value (CSV) files or perhaps as a dynamic report that is not stored at all. These CSV files make it easy to import into other programs that generate custom reports, such as Microsoft Excel or Microsoft Access. Although these are stored as CSV files on the ACS, you can view them in the HTML interface in the form of a web page with tables.

Some of the reports need to interact with accounting configurations on an AAA client while others use information gathered by ACS. Some reports keep track of failed authentication and authorization attempts, while others track the users that have been administratively disabled in ACS.

Each of the report logs in the following list can be viewed in the ACS HTML interface, downloaded and viewed in a text editor such as Notepad, or even imported into other programs that are used for custom reporting. If you have access to the file system of the ACS server, you can find them in the following directory locations:

• TACACS+ Accounting Reports Program Files\CiscoSecure ACS vx.x\Logs\TACACS+ Accounting

• TACACS+ Admin Accounting Reports Program Files\CiscoSecure ACS vx.x\Logs\TACACS+ Administration

• RADIUS Accounting Reports Program Files\CiscoSecure ACS vx.x\Logs\RADIUS Accounting

• VOIP Accounting Reports Program Files\CiscoSecure ACS vx.x\Logs\VoIP Accounting

• Passed Authentications Reports Program Files\CiscoSecure ACS vx.x\Logs\Passed Authentications

• Failed Attempts Reports Program Files\CiscoSecure ACS vx.x\Logs\Failed Attempts

• ACS Backup And Restore Program Files\CiscoSecure ACS vx.x\Logs\Backup and Restore

• RDBMS Synchronization Program Files\CiscoSecure ACS vx.x\Logs\DbSync

• Database Replication Program Files\CiscoSecure ACS vx.x\Logs\DBReplicate

• Administration Audit Program Files\CiscoSecure ACS vx.x\Logs\AdminAudit

• User Password Changes Program Files\CiscoSecure ACS vx.x\CSAuth\PasswordLogs

• ACS Service Monitoring Program Files\CiscoSecure ACS vx.x\Logs\ServiceMonitoring

If you don't want to view the report log files that ACS creates in CSV format, you might choose to use the Open Database Connectivity (ODBC)-relationaldatabase compliant form of reporting and logging. This allows ACS to send report log information directly to an ODBC-compliant relational database such as SQL or Crystal Reports. Once in SQL or Crystal Reports, you have the ability to create a much more customized report based on any criteria on which you want to gather information. When this method is used, ACS still creates the local CSV files, and you can still view reports the ACS HTML interface.