Up to this point all the reports that have been discussed are in relation to a local file on ACS, or an ODBC-compliant relational database. In this section, you explore remote logging, which allows you to store your report information on other ACSs. When configuring remote logging, the first decision to make is which ACS will be the central logging point. This ACS is still able to perform normal AAA function; however, it is also used as a central point that accumulates logs from numerous other ACS devices, so you must ensure it has proper storage space, as well as network connectivity to the other ACS devices. When remote logging is enabled, and an AAA server receives accounting data from an AAA client, it sends it directly to the CSlog service on the remote logging server. The remote device can save these files as CSV or ODBC. All remote logging is listened for on port 2001. One can tend to think that this is not very secure; however, this information is encrypted by a 128-bit proprietary encryption algorithm. Configuring Remote LoggingTo configure remote logging, you need to perform configuration on the ACS that sends the information and the ACS that receives the information. The order that they are configured in does not matter. The only criteria for performing remote logging are that both devices are running ACS. Therefore, before you can log to server x, you must have ACS installed. Note that a Central Logging Server is the server that receives logging information from remote ACSs. The configuration of the central server is extremely minimal when it comes to remote logging. In fact, you really don't need to do anything. That's right, nothing. Just make sure that the Central Logging Server is running ACS. There is the chance, however, that you will want to configure the Central Logging Server reports and activity to behave the way you want them to. In this, we are talking about any options to logging and reporting. If you want the Central Logging Server to perform logging to an ODBC-compliant database, you need to configure these options. Configuring the Remote ACS to Send Logging InformationA few more steps are involved in configuring the remote ACS to send logging information. This information is configured in the Network Configuration section of the ACS HTML interface. Follow these steps to complete your configuration:
At this point, the remote ACS is capable of performing remote logging. You can see Remote Logging enabled in Figure 12-24. Figure 12-24. Enable Remote LoggingHowever, your configuration is not complete. To complete the remote logging configuration on the remote ACS continue with these steps:
At this point, you can see that any messages that are logged to the ACS reports are also seen on the Central Logging ACS. Disabling Remote LoggingDisabling remote logging is a simple process. To disable remote logging, follow these steps:
That's all there is to it! In no time, you'll have ACS doing exactly what you want it to do when it comes to logging and reporting! |