Filter
Top Products
19-2
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 19 Understanding Logging
About Logging
Using Log Targets
You can specify to send customer log information to multiple consumers or Log Targets and specify
whether the log messages are stored locally in text format or forwarded to syslog servers. By default, a
single predefined local Log Target called Local Store stores data in text format on an ACS server and
contains log messages from the local ACS server only. You can view records stored in the Local Store
from the CLI.
In addition, you can specify that logs be forwarded to a syslog server. ACS uses syslog transport to
forward logs to the Monitoring and Reports component. You can also define additional syslog servers to
receive ACS log messages. For each additional syslog server you specify, you must define a remote log
target.
In a distributed deployment, you should designate one of the secondary ACS servers as the Monitoring
and Reports server, and specify that it receive the logs from all servers in the deployment. By default, a
Log Target called the LogCollector identifies the Monitoring and Reports server.
In cases where a distributed deployment is used, the Log Collector option on the web interface designates
which server collects the log information. It is recommended that you designate a secondary server
within the deployment to act as the Monitoring and Reports server.
This section contains the following topics:
• Logging Categories, page 19-2
• Log Message Severity Levels, page 19-4
• Local Store Target, page 19-5
• Viewing Log Messages, page 19-10
• Debug Logs, page 19-11
Logging Categories
Each log is associated with a message code that is bundled with the logging categories according to the
log message content. Logging categories help describe the content of the messages that they contain.
A logging category is a bundle of message codes which describe a function of ACS, a flow, or a use case.
The categories are arranged in a hierarchical structure and used for logging configuration. Each category
has:
• Name—A descriptive name
• Type—Audit, Accounting, or Diagnostics
• Attribute list—A list of attributes that may be logged with messages associated with a category, if
applicable
ACS provides these preconfigured global ACS logging categories, to which you can assign log targets
(see Local Store Target, page 19-5):
• Administrative and Operational audit, which can include:
–
ACS configuration changes—Logs all configuration changes made to ACS. When an in item is
added or edited, the configuration change events also include details of the attributes that were
changed and their new values. If an edit request resulted in no attributes having new values, no
configuration audit record is created.