Remote Logging with ACS


Up to this point, all the reports that have been discussed relate to a local file on ACS or an ODBC-compliant relational database. In this section, you explore remote logging, which allows you to store your report information on other ACSs.

When configuring remote logging, the first decision to make is which ACS will be the central logging point. This ACS is still able to perform normal AAA functions; however, it also serves as the central point that accumulates logs from numerous other ACS devices, so you must ensure that it has proper storage space, as well as network connectivity to the other ACS devices.

When remote logging is enabled and an AAA server receives accounting data from an AAA client, it sends the data directly to the CSlog service on the remote logging server. The remote device can save this information as CSV or ODBC. All remote logging traffic is listened for on port 2001. You might think that this is not very secure; however, this information is encrypted by a 128-bit proprietary encryption algorithm.

Configuring Remote Logging

To configure remote logging, you need to perform configuration on the ACS that sends the information and the ACS that receives the information. The order in which they are configured does not matter. The only criterion for performing remote logging is that both devices are running ACS. Therefore, before you can log to server x, ACS must be installed on it.

Note that a Central Logging Server is the server that receives logging information from remote ACSs. The configuration of the central server is extremely minimal when it comes to remote logging. In fact, you really don't need to do anything. That's right, nothing. Just make sure that the Central Logging Server is running ACS.

There is a chance, however, that you will want to configure the Central Logging Server reports and activity to behave the way you want them to. By this, we mean any of the logging and reporting options. If you want the Central Logging Server to perform logging to an ODBC-compliant database, you need to configure these options.

Configuring the Remote ACS to Send Logging Information

A few more steps are involved in configuring the remote ACS to send logging information. This information is configured in the Network Configuration section of the ACS HTML interface. Follow these steps to complete your configuration:

Step 1. Verify that the Central Logging ACS server is present in Network Configuration by selecting Network Configuration and viewing the AAA server entries.

Step 2. If the Central Logging ACS is not in Network Configuration, you must add it.

Step 3. To add an AAA server to Network Configuration, select Add below the AAA Servers table. You can see this in Figure 12-23. If you have Network Device Groups configured, this might be different. Refer to Chapter 9, "Managing Network Configurations," for more information.

Figure 12-23. Adding the AAA Server


Step 4. The next step is to enable the remote logging process. Select the Submit button.

Step 5. Select Interface Configuration.

Step 6. Select Advanced Options.

Step 7. Select the Remote Logging check box.

Step 8. Select the Distributed System check box.

Step 9. Select Submit.

At this point, the remote ACS is capable of performing remote logging. You can see Remote Logging enabled in Figure 12-24.

Figure 12-24. Enable Remote Logging


However, your configuration is not complete. To complete the remote logging configuration on the remote ACS, continue with these steps:

Step 1. Select System Configuration.

Step 2. Select Logging.

Step 3. In the Local Logging Configuration table, select Remote Logging.

Step 4. If you want ACS to write accounting data for locally authenticated sessions only to the local logs that are enabled, select the Do not log remotely radio button.

Step 5. If you want ACS to send accounting data for locally authenticated sessions to all the ACS devices in the Selected Log Services list, choose the Log to all selected remote log services radio button.

Step 6. If you want ACS to send accounting data for locally authenticated sessions to the first ACS in the Selected Log Services list that is operational, you should select the Log to subsequent remote log services on failure radio button. This provides a backup if your central server is down.

Step 7. Select the ACS in the Remote Log Services list that you want to send log data to.

Step 8. Select the right arrow to add the selected ACS to the Selected Log Services list.

Step 9. Select the Submit button.

At this point, you can see that any messages that are logged to the ACS reports are also seen on the Central Logging ACS.
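The three radio-button choices in Steps 4 through 6, together with the port 2001 listener mentioned earlier, can be checked before you depend on them. The following Python script is an added example, not part of the book or of ACS: it models which servers in the Selected Log Services list would be sent accounting data under each option and which of them do not answer on port 2001. It assumes the listener is TCP; the function names, mode labels, and host names are hypothetical.

```python
import socket

ACS_REMOTE_LOG_PORT = 2001  # port named in the text; TCP transport is assumed


def is_listening(host, port=ACS_REMOTE_LOG_PORT, timeout=3.0):
    """Return True if host accepts a TCP connection on the logging port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolved
        return False


def plan_delivery(selected, mode, probe=is_listening):
    """Model which entries of the Selected Log Services list get the data.

    mode (hypothetical labels for the three radio buttons):
      "none"     - Do not log remotely
      "all"      - Log to all selected remote log services
      "failover" - Log to subsequent remote log services on failure
    Returns {"targets": [...], "unreachable": [...]}; list order is kept
    because failover walks the list from the top.
    """
    if mode not in ("none", "all", "failover"):
        raise ValueError("unknown mode: %r" % mode)
    targets, unreachable = [], []
    if mode == "none":
        return {"targets": targets, "unreachable": unreachable}
    for host in selected:
        up = probe(host)
        if not up:
            unreachable.append(host)
        if mode == "all":
            targets.append(host)      # every selected server is sent a copy
        elif up:
            targets.append(host)      # first operational server wins
            break
    return {"targets": targets, "unreachable": unreachable}


if __name__ == "__main__":
    # Constructed host names and reachability, so the demo runs offline.
    # Omit the probe argument to test real servers on port 2001.
    selected = ["acs-central-1", "acs-central-2", "acs-central-3"]
    reachable = {"acs-central-2", "acs-central-3"}
    for mode in ("none", "all", "failover"):
        result = plan_delivery(selected, mode, probe=lambda h: h in reachable)
        print(mode, result)
```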

Disabling Remote Logging

Disabling remote logging is a simple process. To disable remote logging, follow these steps:

Step 1. In the navigation bar, select System Configuration.

Step 2. Select Logging.

Step 3. Select Remote Logging.

Step 4. Select the Do not log remotely option.

Step 5. Select Submit.

That's all there is to it! In no time, you'll have ACS doing exactly what you want it to do when it comes to logging and reporting!




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173
