Welcome to the extraxi blog...

If you found this page accidentally and don't know what extraxi is about... we specialise in reporting solutions for the Cisco Secure ACS and Funk SBR access control servers (aka AAA servers).

The servers are predominantly used to secure network services such as dial, wireless LAN, VPN, firewall and network device management.

Typically these servers just chuck out MBs of raw CSV log data about network activity. What we do is to help collect this data then import and turn it into useable information.

Tuesday, 9 December 2008

Web Reports Beta 2

After a significant amount of testing we can now confirm additional OS support:
  • Windows Server 2003, 32/64 bit, IIS6 or IIS7
  • Windows Server 2008, 32/64 bit, IIS7
Some manual configuration is required depending on OS/IIS version. With IIS6 our install script should take care of everything, provided there is a Default Web Site. With IIS7 some non-default installation features are required (ASP.NET and IIS6 management compatibility); these are documented in the user guide.

Friday, 24 October 2008

Web Report Beta

As described in the previous post... the BETA of aaa-reports! enterprise web reporting is now on the download site.

This can be installed on the same server as aaa-reports! enterprise itself and requires that IIS is installed with the "Default Web Site" on port 80.

If your IIS doesn't have the Default Web Site or isn't running on port 80 you'll have to manually add and configure a virtual web folder using the IIS Management Console.

Wednesday, 1 October 2008

Web Reporting!

The aaa-reports! enterprise product will soon feature web based reporting. The initial release will feature a simple to use query builder that enables a table based report on each of the primary ACS log types (e.g. Failed Attempts, TACACS+ Administration, RADIUS accounting etc).

Once you're happy with the query and the number of matching records found, the results are displayed in a tabular report with PDF, CSV and XLS export, paging and sorting controls.

Security is handled by Windows authentication on the web server - users will require an account on the aaa-reports! server but can be put into a dedicated group that only allows web access.

Thursday, 17 July 2008

CSVSync V3.0

Released a week or two ago, this new version of csvsync can automate the process of exporting the ACS database via the Support function.

We posted about this a while back here and now it's officially released.

If you have an active support & maintenance contract you get an automatic 40% discount on list price, and if you purchase aaa-reports! enterprise you'll get it bundled.

Monday, 19 May 2008

Cisco Secure ACS View 4.0

Well they've been talking about it for long enough... and finally Cisco Secure ACS View 4.0 arrived. Although we have not actually been able to see it in the flesh, on first look it seems OK. However, Cisco have made some questionable architecture choices: #1 being that they based log collection on syslog and #2 that it's appliance only.

Ok, so syslog is one of the most widely used logging protocols (historically) but it's hardly the robust transport one would wish for when logging security events. The implementation by ACS is also hampered by their choice of format... basically each syslog packet comprises a single line of log data of the form "attr=value, attr=value, ... " so there is a lot of bloat in carrying the attribute names. It's unlikely that complex ACS deployments will be able to log all the required attributes in a single syslog packet (1024 characters max in ACS 4.1). The View user guide does include the odd explanation that it is OK to receive partial data because the rest will get picked up at a later date (presumably by importing the ACS cab file). Yikes - creating a cab requires you to stop (or at least pause) the ACS services AND importing the same data twice could lead to duplicate rows.

So it uses syslog (unreliable, non-ack'd, unencrypted) to send partial (1024 characters we guess) log entries using a bloated ASCII format that buries attribute names in the data. That could add up to a whole load more WAN traffic if your ACSs are distributed.
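To make the truncation and bloat points concrete, the following is an added example, not code from Cisco or extraxi. It parses the "attr=value, attr=value" line format described above, flags what a collector cannot trust after a 1024-character cut, and measures how much of the line is attribute names. The attribute names and values are constructed, and it assumes pairs are separated by ", " and that values contain no ", ".

```python
MAX_LEN = 1024  # per-message character limit the post cites for ACS 4.1

def parse_pairs(payload):
    """Parse 'attr=value, attr=value' text into (dict, unparsed_fragment)."""
    pairs, fragment = {}, None
    for part in payload.rstrip(", ").split(", "):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            pairs[name.strip()] = value
        elif part:
            fragment = part  # no '=': the cut fell inside an attribute name
    return pairs, fragment

def audit(payload, expected):
    """Report what a collector cannot trust in one received message."""
    pairs, fragment = parse_pairs(payload)
    missing = [a for a in expected if a not in pairs]
    at_limit = len(payload) >= MAX_LEN
    # At the limit the last value may be cut short with no syntax error at all.
    suspect = list(pairs)[-1] if at_limit and fragment is None and pairs else None
    return {"pairs": pairs, "missing": missing, "suspect": suspect, "fragment": fragment}

def name_overhead(record):
    """Fraction of the attr=value text that a bare CSV row would not carry."""
    wire = ", ".join(f"{k}={v}" for k, v in record.items())
    csv_row = ",".join(record.values())
    return 1 - len(csv_row) / len(wire)

# Constructed sample: 80 made-up attributes, 1038 characters on the wire.
SAMPLE = {f"Attr-{i:02d}": f"v{i:02d}" for i in range(80)}
WIRE = ", ".join(f"{k}={v}" for k, v in SAMPLE.items())
RECEIVED = WIRE[:MAX_LEN]  # what survives a 1024-character message

if __name__ == "__main__":
    result = audit(RECEIVED, SAMPLE)
    print("missing:", result["missing"])
    print("suspect:", result["suspect"], "=", result["pairs"][result["suspect"]])
    print("name overhead: {:.0%}".format(name_overhead(SAMPLE)))
```

In the sample, the last attribute that arrives parses cleanly with a shortened value, so a message that fills the limit has to be treated as partial even when every pair looks well formed.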

extraxi aaa-reports! on the other hand uses the tried and tested bulk download over HTTP(S) using our csvsync client to download logs. The benefit here being that ACS just does what it does best - log locally, then csvsync/aaa-reports! download the logs in bulk (and with encryption) at a time of your choosing.

Being appliance only there is no trial version so you can't test it before buying. It really only works with 4.1(4) but needs 4.2(1) to work well - so if you currently still have some 3.x servers in production you're out of luck. extraxi aaa-reports! works with all versions from 2.x through to 4.x and can be installed on anything from Windows XP to Server 2003 Terminal Server running inside VMware.

On the topic of database size, View is based on Sybase SQL Anywhere which has a fixed 4GB of storage. aaa-reports! enterprise (due for release end of May 2008) uses multiple SQL Server Express databases offering a total of 48GB.

More as it arrives...

Thursday, 15 May 2008

Installing aaa-reports! with Terminal Services

As with any other application, to install on Windows Terminal Server you should do one of two things:
  1. Use "Add/Remove Programs" in Control Panel to launch the application installer rather than just double-click the setup.exe, or
  2. From the command line type "change user /install" before running the setup.

Either one of these will put the server into install mode and will ensure that installed components and registry changes are made for all users.

Failure to do one of the above will result in the application not functioning correctly for other users because DLLs will not be installed into the global Windows\System32 folder but instead into your own personal folder under Documents and Settings.

We recommend using the Add/Remove Programs method as it is by far the simplest and most future-proof.

Thursday, 1 May 2008

New Features For CSVSync

Quite a few customers have expressed the desire to generate and collect the ACS Support Cab (package.cab) using csvsync. This gives the advantage of being able to schedule the operation via a script on a remote PC - essential if your ACS is the Appliance kind.

In testing now is the next version of csvsync with exactly this feature. You can connect to the following versions of ACS to collect the cab file:

Appliance v4.0(1) onwards
Software v4.1(4) onwards

Prior to v4.1(4) the Support page was not available via ACS Admin in the Software version.

Beta expected in the next couple of weeks.

Tuesday, 22 April 2008

ACS v4.1(4) Compatibility Issue Resolved

A new build of aaa-reports! v2.2.1 has been posted today that resolves all known issues with importing ACS v4.1(4) cab and dump files.


Thursday, 20 March 2008

aaa-reports! enterprise edition - beta now available

aaa-reports! enterprise edition beta 2 is now available for download. Please use our contact page to request a copy.

New feature highlights:
  • Scalable SQL Server Express databases for up to 48GB capacity.
  • Advanced parameter filter on canned reports (equal, like, null, ...) incl wildcards.
  • Enhanced Query Builder. Re-order & re-name columns + complex expressions.
  • All ACS log types now supported (incl. appliance, replication etc).
  • New look UI and usability enhancements.

Note the system requirements for this version are higher than for aaa-reports! v2.x because it uses SQL Server as the main repository. Ideally you would be installing on a dual/quad core 2 system with at least 2GB RAM.

There are two installers which must be used in the correct order:
  1. Environment setup. Installs .NET framework and SQL Server Express
  2. Application setup

Wednesday, 23 January 2008

ACS v4.1(4) Compatibility Issue

If you have recently upgraded to ACS v4.1(4) there is a compatibility issue when importing the ACS database into aaa-reports! due to file format changes inside the cab and dump files.

We've posted a fixed build (15th Jan) onto the download site for the .cab file issue and are working on the dump file import now.

If you experience the error "database contains no groups or users" when importing the database you need this patch. The patched aaa-reports! version is "FE 2.2342" (click help/about to check).