User Guide for Cisco Secure Access Control System 5.3
Monitoring and Reporting
Downloads: This chapterpdf (PDF - 173.0KB) The complete bookPDF (PDF - 8.48MB) | Feedback

Table of Contents

Monitoring and Reporting in ACS

Authentication Records and Details

Dashboard Pages

Working with Portlets

Working with Authentication Lookup Portlet

Running Authentication Lookup Report

Configuring Tabs in the Dashboard

Adding Tabs to the Dashboard

Adding Applications to Tabs

Renaming Tabs in the Dashboard

Changing the Dashboard Layout

Deleting Tabs from the Dashboard

Monitoring and Reporting in ACS

The Monitoring and Reports drawer appears in the primary web interface window and contains the Launch Monitoring & Report Viewer option.

The Monitoring & Report Viewer provides monitoring, reporting, and troubleshooting capabilities for the ACS servers in your network. You can extract consolidated log, configuration, and diagnostic data from one or more ACS servers for advanced reporting and troubleshooting purposes.

You can configure the network access devices (NADs) in your network to send syslog messages to the Monitoring & Report Viewer. To do this, you must configure the logging port on the NAD to UDP 20514.

For example, to enable a NAD in your network to send syslog messages to the Monitoring & Report Viewer, you must enter the following commands on the NAD through the CLI configuration mode:

1. logging monitor informational

2. logging origin-id ip

3. logging host ip transport udp port 20514— where ip is the IP address of the Log Collector in your network.

4. epm logging

Click Launch Monitoring & Report Viewer to open the Monitoring and Reports Viewer in a secondary web interface window, which contains these drawers:

The Monitoring and Reports drawer provides the following functionality:

  • Dashboard—Provides a high-level summary, updated in real time, of the ACS servers in the deployment, the authentication activity, and a summary of authentications against each identity store. See Dashboard Pages.
  • Alarms—You can define thresholds to represent acceptable system performance. Measurements are taken on an ongoing basis and compared against these thresholds. If the thresholds are exceeded, alarms are generated. See Understanding Alarms.
  • Reports— A rich set of reports are available. See Managing Reports .
  • Troubleshooting— Provides tools to assist in troubleshooting the ACS system, including tests for system connectivity and a tool to download support bundles. See Troubleshooting ACS with the Monitoring & Report Viewer .
  • Support for non-English characters (UTF-8)—You can have non-English characters in:

Syslog messages—Configurable attribute value, user name, and ACS named configuration objects

GUI input fields

Query pages

Reports and Interactive Viewer

Alarms

Dashboard lookup

Failure reason text


Note In Monitoring and Reports drawer pages, you can use the page area’s down arrow (v) to hide an area’s content, and the right arrow (>) to show its content.


Related Topic

Authentication Records and Details

A primary source of information for reports are the authentication records. Reports are provided that analyze these records according to multiple categories such as the Access Service used for the request, the user or host referenced in the request, the device making the request, etc. ACS provides summaries of the authentications per instance in each category, and administrators can get additional details.

Within each authentication record there is an option to view the details of the authentication record. The details contain the following information:

  • Authentication Details—Full details of the authentication, which includes details from the request, the service, policies and rules selected for the requests, and the results returned in the response.
  • Authentication Result—The contents of the result response.
  • Steps—Lists the sequence of steps performed when processing the request.

The authentication details information is very helpful when trying to understand why a specific successful response was returned, or to track the steps performed when a failed response was returned.

Dashboard Pages

When you launch the Monitoring & Report Viewer, the Dashboard appears in a secondary web interface window.

ACS 5.3 provides a new customizable dashboard that contains tabs and portlets, where the Monitoring & Report Viewer consolidates your favorite queries, recent alarms and reports, and health status of ACS instances. Each of these tabs can have multiple portlets with each portlet containing an application of your choice.

You can select an application from the list the list of available applications. By default, the Monitoring & Report Viewer provides the following tabs and applications in the Dashboard:


Note These tabs are customizable, and you can modify or delete the following tabs.


  • General—The General tab lists the following:

Five most recent alarms—When you click the name of the alarm, a dialog box appears with the details and the status of the alarm. You can update the information in the Status tab of this dialog box to track the alarm. See Table 12-5 for a description of the fields in the Status tab.

Favorite reports—The favorite reports are displayed in alphabetical order. To view a report, click the name of the report. You can view this report in the Interactive Viewer. You can customize this list to include your favorite reports and can quickly launch them from the dashboard.

  • Troubleshooting—The Troubleshooting tab contains the following panes:

Live Authentications—View live authentications for the day. You can filter the records that appear in this pane.

My Links—You can add your favorite links to this pane.

NAD Show Command—You can run any show command on any NAD device from this pane. To run a NAD show command, you must:

a. Enter the IP address of the NAD (Required).

b. Enter the username and password for the NAD.

c. Choose the protocol, Telnet or SSHv2 (Required).

d. Enter the port number. The default is 23 (Required).

e. Enter the enable password.

f. Check the Use Console Server check box if you want to use the console server.

g. Enter the IP address of the console server—This field is required if you check the Use Console Server check box.

h. Enter the show command that you want to run on the NAD (Required).

When the Monitoring & Report Viewer executes the NAD show command, it might sometimes prompt you for additional details. See Table 14-5 for a description of the fields in the Progress Details page. After you click Done , you can click Show Results Summary to view the result as shown in Table 14-6 .

Authentication Lookup—You can use this portlet to run an authentication report with default parameters, find authentication records for a user or MAC address, and run user or endpoint summary report for a user or end point respectively. For more information on the Authentication Lookup Portlet, see Working with Authentication Lookup Portlet.

  • Authentication Trends—The Authentication Trends tab contains the following panes:

Authentication Trend—Provides a graphical and tabular representation of the authentication trend for up to the past 30 days. In the graphical representation, the time is plotted on the X-axis and the authentications are plotted on the Y-axis.

The tabular representation provides the number of passed, failed, and dropped authentications for each day. The button at the lower-right corner of the chart ( )allows you to toggle between the two views.

Top <N> Authentications—Provides a graphical representation of the top <N> authentications. Time is plotted on the X-axis and authentications are plotted on the Y-axis.

Authentication Snapshot—Provides a snapshot of authentications in the graphical and tabular formats for up to the past 30 days. In the graphical representation, the field based on which the records are grouped together is plotted on the X-axis and the authentications are plotted on the Y-axis.

The tabular representation provides the Category; Pass Count; Daily, Weekly, or Monthly Pass Count; Fail Count; and Daily, Weekly, or Monthly Fail Count. The button at the lower-right corner of the chart ( ) allows you to toggle between the two views.

  • ACS Health—The ACS Health tab provides the system and AAA health of ACS instances. This information is available in a tabular format.

System status is determined by the following parameters—CPU utilization, memory utilization, disk input/output utilization, and disk usage for /opt and /local disk.

AAA status is determined by RADIUS and TACACS+ latency

Hovering the mouse over the legend (Critical, Warning, Healthy) provides the criteria that determines the status of the ACS instance. For a detailed graphical representation of the ACS instance health, click the name of the ACS instance. The ACS health summary report appears. You can view this report in the Interactive Viewer.

You can configure the tabs in the Dashboard to suit your needs. See Configuring Tabs in the Dashboard for more information on how to configure tabs in the Dashboard and add applications to the tabs.

Related Topics

Working with Portlets

A portlet is a small, self-contained window within a dashboard that displays information in the form of real-time charts, tabular reports, and so on. Each tab in the Dashboard consists of one or more portlets. Figure 11-1 shows two portlets from the General tab.

Figure 11-1 Portlets

 

Top 5 Alarms and My Favorite Reports appear in separate windows. You can edit each of these portlets separately.

To edit a portlet, click the edit button ( ) at the upper-right corner of the window. The Monitoring & Report Viewer allows you to customize the information in the portlets to suit your needs. You can add, edit, and delete tabs; edit application settings in portlets; and delete portlets.

Working with Authentication Lookup Portlet

You can add the Authentication Lookup Portlet to the Dashboard.

To add Authentication Lookup Portlet, see Adding Applications to Tabs.

The Authentication Lookup Portlet contains the following fields:

  • Username/MAC Address—(Required for summary reports) Username of the user or the MAC address in aa-bb-cc-dd-ee-ff format. The Monitoring & Report Viewer does not accept MAC address in any other format.
  • View—Choose Authentication to run an authentication report or Summary for a summary report.
  • Time Range—Depending on the View option that you choose, the Time Range drop-down list box is populated. Choose the time range for which you want to generate the report.
  • Start Date—(Enabled when you choose the Custom time range option) Choose the start date.
  • End Date—(Enabled when you choose the Custom time range option) Choose the end date.
  • Protocol—Choose either RADIUS or TACACS+ from the Protocol drop-down list box. The protocol is not taken into account for endpoint summary reports.

Related Topic

Running Authentication Lookup Report

When you run an Authentication Lookup report, consider the following:

  • If you have provided the Username or MAC Address value in the format aa-bb-cc-dd-ee-ff, an authentication report is run for this MAC address.
  • If you have provided the Username or MAC Address value in any other format, the value is considered an username and authentication report is run for that user.
  • If the Username or MAC Address field is empty, an authentication report with default parameters is run for the chosen protocol and time range (similar to running a RADIUS or TACACS Authentication report in the catalog pages).
  • If you provide a valid MAC Address value for the Username or MAC Address field and choose the Summary View option, an endpoint summary report is run. Irrespective of the protocol that you choose, an endpoint summary report is always run for the RADIUS protocol.

If the MAC Address value that you provide is not in the prescribed format, it is assumed to be a username and a user authentication summary report is run for the chosen time range and protocol.

Configuring Tabs in the Dashboard

This section describes how to configure tabs in the Dashboard and add applications to it. This section contains:

Adding Tabs to the Dashboard

The Monitoring & Report Viewer Dashboard allows you to customize the tabs in the dashboard and the applications that are available from them. To add tabs to the Dashboard:


Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard .

The Dashboard page appears.

Step 2 Click the Configure drop-down list at the upper-right corner of the Dashboard page.

Step 3 Click Add New Page .

Step 4 Enter the name of the tab that you want to create in the Add New Page text box.

Step 5 Click Add Page .

A new tab of your choice is created. You can add the applications that you most frequently monitor in this tab


 

Adding Applications to Tabs

To add an application to a tab:


Step 1 From the Monitoring & Report Viewer > choose Monitoring and Reports > Dashboard .

The Dashboard page appears.

Step 2 Select the tab to which you want to add an application.

If you want to add applications to a new tab, you must add the new tab to the Dashboard before you can add applications to it.

Step 3 Click the Configure drop-down list at the upper-right corner of the Dashboard page.

Step 4 Click Add Application .

An Add Application window appears.

Step 5 Click View Dashboard to see the list of applications that you can add to the Dashboard.

Alternatively, you can enter the name of the application in the Search Content text box.

A list of applications appears.

Step 6 Click the Add link next to the application that you want to add.

The application of your choice is added to the tab. You can edit the parameters in this tab.


 

Renaming Tabs in the Dashboard

To rename existing tabs in the Dashboard:


Step 1 From the Monitoring & Report Viewer > choose Monitoring and Reports > Dashboard.

The Dashboard page appears.

Step 2 Select the tab that you want to rename.

Step 3 Click the Configure drop-down list at the upper-right corner of the Dashboard page.

Step 4 Click Rename Page .

Step 5 Enter the new name in the Rename Page text box.

Step 6 Click Update .

The tab appears with the new name.


 

Changing the Dashboard Layout

You can change the look and feel of the Dashboard. ACS provides you with nine different in-built layouts. To choose a different layout:


Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard .

The Dashboard page appears.

Step 2 Select the tab whose layout you wish to change.

Step 3 Click the Configure drop-down list at the upper-right corner of the Dashboard page.

A list of layout options appears.

Step 4 Click the radio button next to the layout style that you want for this tab.

Step 5 Click Save to change the layout.


 

Deleting Tabs from the Dashboard

To delete tabs from the Dashboard:


Step 1 From the Monitoring & Report Viewer, choose Monitoring and Reports > Dashboard.

The Dashboard page appears.

Step 2 Click the Configure drop-down list at the upper-right corner of the Dashboard page.

Step 3 Click Manage Pages .

Step 4 Select the tab that you want to delete in the Page Display Order list box.

Step 5 Click to delete the tab that you have selected.


Timesaver Alternatively, when you hover the mouse over the name of the tab that you want to delete, the following icon appears:. Click this icon to delete the tab.