Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Cisco ACS

 

The Cisco ACS DSM for JSA accepts syslog ACS events by using syslog and UDP mutliline.

JSA records all relevant and available information from the event. You can integrate Cisco ACS with JSA by using one of the following methods:

Note

JSA supports only Cisco ACS versions before v3.x using a Universal DSM.

Configuring Syslog for Cisco ACS V5.x

The configuration of syslog forwarding from a Cisco ACS appliance with software version 5.x involves several steps.

You must complete the following tasks:

  1. Create a Remote Log Target
  2. Configure global logging categories
  3. Configure a log source

Creating a Remote Log Target

Creating a remote log target for your Cisco ACS appliance.

  1. Log in to your Cisco ACS appliance.
  2. On the navigation menu, click System Administration >Configuration >Log Configuration >Remote Log Targets.
  3. The Remote Log Targets page is displayed.
  4. Click Create.

    Configure the following parameters:

    Table 1: Remote Target Parameters

    Parameter

    Description

    Name

    Type a name for the remote syslog target.

    Description

    Type a description for the remote syslog target.

    Type

    Select Syslog.

    IP address

    Type the IP address of JSA or your Event Collector.

  5. Click Submit.

You are now ready to configure global policies for event logging on your Cisco ACS appliance.

Configuring Global Logging Categories

To configure Cisco ACS to forward log failed attempts to JSA:

  1. On the navigation menu, click System Administration >Configuration >Log Configuration >Global.

    The Logging Categories window is displayed.

  2. Select the Failed Attempts logging category and click Edit.
  3. Click Remote Syslog Target.
  4. From the Available targets window, use the arrow key to move the syslog target for JSA to the Selected targets window.
  5. Click Submit.

    You are now ready to configure the log source in JSA.

Configuring a Log Source

JSA automatically discovers and creates a log source for syslog events from Cisco ACS v5.x.

However, you can manually create a log source for JSA to receive Cisco ACS events.

To manually configure a log source for Cisco ACS:

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.

    The Data Sources pane is displayed.

  4. Click the Log Sources icon.

    The Log Sources window is displayed.

  5. Click Add.

    The Add a log source window is displayed.

  6. From the Log Source Type list, select Cisco ACS.
  7. Using the Protocol Configuration list, select Syslog.

    The syslog protocol configuration is displayed.

  8. Configure the following values:

    Table 2: Syslog Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for the log source as an identifier for Cisco ACS events.

  9. Click Save.
  10. On the Admin tab, click Deploy Changes.

    The configuration is complete.

Configuring Syslog for Cisco ACS V4.x

The configuration of syslog forwarding from a Cisco ACS appliance with software version 4.x involves a few steps.

Complete the following steps:

  1. Configure syslog forwarding
  2. Configure a log source

Configuring Syslog Forwarding for Cisco ACS V4.x

Configuration of an ACS device to forward syslog events to JSA.

Take the following steps to configure the ACS device to forward syslog events to JSA

  1. Log in to your Cisco ACS device.
  2. On the navigation menu, click System Configuration.

    The System Configuration page opens.

  3. Click Logging.

    The logging configuration is displayed.

  4. In the Syslog column for Failed Attempts, click Configure.

    The Enable Logging window is displayed.

  5. Select the Log to Syslog Failed Attempts report check box.
  6. Add the following Logged Attributes:
    • Message-Type

    • User-Name

    • Nas-IP-Address

    • Authen-Failure-Code

    • Caller-ID

    • NAS-Port

    • Author-Data

    • Group-Name

    • Filter Information

    • Logged Remotely

  7. Configure the following syslog parameters:

    Table 3: Syslog Parameters

    Parameter

    Description

    IP

    Type the IP address of JSA.

    Port

    Type the syslog port number of JSA. The default is port 514.

    Max message length (Bytes) - Type

    Type 1024 as the maximum syslog message length.

    Note

    Cisco ACS provides syslog report information for a maximum of two syslog servers.

  8. Click Submit.

    You are now ready to configure the log source in JSA.

Configuring a Log Source for Cisco ACS V4.x

JSA automatically discovers and creates a log source for syslog events from Cisco ACS v4.x.

The following configuration steps are optional.

To manually create a log source for Cisco ACS v4.x, take the following steps:

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.

    The Data Sources pane is displayed.

  4. Click the Log Sources icon.

    The Log Sources window is displayed.

  5. Click Add.

    The Add a log source window is displayed.

  6. From the Log Source Type list, select Cisco ACS.
  7. Using the Protocol Configuration list, select Syslog.

    The syslog protocol configuration is displayed.

  8. Configure the following values:

    Table 4: Syslog Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for the log source as an identifier for Cisco ACS events.

  9. Click Save.
  10. On the Admin tab, click Deploy Changes.

    The configuration is complete.

Configuring UDP Multiline Syslog for Cisco ACS Appliances

The Cisco ACS DSM for JSA accepts syslog events from Cisco ACS appliances with log sources that are configured to use the UDP Multiline Syslog protocol.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. In the Data Sources section, click the Log Sources icon, and then click Add.
  4. In the Log Source Name field, type a name for your log source.
  5. From the Log Source Type list, select Cisco ACS.
  6. From the Protocol Configuration list, select UDP Multiline Syslog.
  7. Configure the parameters:

    The following parameters require specific values to collect events from Cisco ACS appliances:

    Table 5: Cisco ACS Log Source Parameters

    Parameter

    Value

    Log Source Identifier

    Type the IP address, host name, or name to identify your Cisco ACS appliance.

    Listen Port

    The default port number that is used by JSA to accept incoming UDP Multiline Syslog events is 517. You can use a different port. The valid port range is 1 - 65535.

    To edit a saved configuration to use a new port number, complete the following steps.

    1. In the Listen Port field, type the new port number for receiving UDP Multiline Syslog events.

    2. Click Save.

    The port update is complete and event collection starts on the new port number.

    Message ID Pattern

    \s(\d{10})\s

    Event Formatter

    Select Cisco ACS Multiline from the list.