extraxi news, hints 'n' tips
Feed updated 2024-03-19T11:07:43.643+00:00

Published 2010-09-23T12:36:00.002+01:00, updated 2010-09-23T12:42:38.606+01:00
aaa-reports! enterprise v1.2 released

The next release of aaa-reports! enterprise has just been made, concentrating mainly on new reports and datasets, including:<div><ul><li>Single TACACS+ command authorisations. Shows both permitted and denied commands by combining log entries from the Failed Attempts and T+ Device Administration logs</li><li>RADIUS and TACACS session reports. These provide a single row per session with all relevant data.</li><li>RADIUS identity networking reports. The dataset used by the RADIUS session report is key for auditing identity network environments, allowing a username to be tied to a client side MAC address/IP address or telephone number, assigned IP address etc.</li><li>Stability and bug fixes</li><li>Updated installers</li></ul><div>aaa-reports! v1.2 is a free upgrade for customers with a current support contract.</div></div>

Published 2010-05-13T14:53:00.006+01:00, updated 2010-05-13T14:59:39.545+01:00
Windows Server 2008 UAC Issues

When aaa-reports! is installed on a Windows Server 2008 system, you may get a message displayed when attempting to launch aaa-reports:<div><br /><div>"An unidentified program is attempting to access your computer"</div><div>This is caused by User Access Control kicking in - even though you may be logged in as an administrator, by default the applications you run will not run with administrator rights. You can either elevate to admin level on a use-by-use basis or right-click+properties to set aaa-reports! 
to always "run as administrator".</div><div>However, because RunAAARe.exe is merely a bootstrap, you will also need to locate the RunAccess.exe application and elevate it in the same way.</div><div>Alternatively, you can find instructions at <a href="http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx">Microsoft Technet</a> to either disable UAC completely, or just disable UAC prompting for members of the local admin group. Either of those settings applies server-wide rather than just to aaa-reports!, so elevating the two executables is the narrower change.</div></div>

Published 2010-04-23T16:58:00.004+01:00, updated 2010-04-23T17:11:03.147+01:00
Using aaa-reports! enterprise database snapshots

One of the great features added to enterprise v1.1 was the ability to create snapshots of the back-end databases. With automation it's possible, say quarterly or bi-annually, to create a copy of the aaa-reports! database for future use.<div>At some later point in time - perhaps even two years later, during an audit - it's easy to re-locate the snapshot and re-connect aaa-reports!, giving you all the data that was present on the day the snapshot was created.</div><div>To script the creation of a snapshot simply add this command to a .bat or .cmd file executed by the Windows task manager:</div><div>RunAAARE /CreateSnapshot(MY_SNAPSHOT&lt;snapshotid&gt;)</div><div>To connect to a specific snapshot, start aaa-reports! and enable the "multi-db" feature under options. 
Re-start and you will be presented with the database manager, which allows you to choose which backend database you want to connect to, for example a snapshot or the DEFAULT live database.</div><div>Enjoy.</div>

Published 2010-04-22T09:03:00.005+01:00, updated 2010-04-22T10:25:33.279+01:00
How to survive an ACS audit with aaa-reports!

For many organisations the Cisco Secure ACS server is the guardian of the network - controlling administrative access to routers and switches plus overseeing end network users over VPN, wireless and firewall.<br /><br />It's no surprise therefore that it should come under intense scrutiny during an audit. Perhaps what is surprising is the lack of awareness of best practice for running ACS in a secure way. We'd like to help in our small way, and below is a list of tips we've picked up over the years of providing reporting services for ACS.<br /><ol><li><b>Buy aaa-reports!</b> Without the ability to aggregate the logs from all your ACS servers and report on the data, or use our query builder for forensic analysis, or import the ACS database to document the policy features enabled... you'll have a hard time getting the evidence that an auditor might ask for.</li><li><b>Make sure ACS is logging the appropriate attributes</b> for the reports you need to create. For example, if you need to document who did what to devices in specific Network Device Groups (NDG) you must ensure this value actually gets logged. Performing ACS upgrades often sets logging configs back to their defaults.</li><li><b>Create a build specification for your ACS</b>. Detail the "meta config" of your ACS so that after an emergency hardware swap-out or software upgrade you can quickly check that the ACS has the correct configuration. 
The build spec document should be under version control and is a useful item in itself to convince an auditor your system is well controlled.</li><li><b>Create a Change Control system for config changes on the ACS</b>. Since it's ACS that decides who gets access and what commands they run on your network, it's vital you report on the Administration Audit logs. During an audit you can then correlate entries in your change control system with actual edits recorded in the Admin Audit logs. <i>aaa-reports!</i> can document in detail what all or individual ACS admins did.</li><li><b>Retain 2 years of actual CSV log data on your reporting server</b>. For general day-to-day reporting you don't need this amount, but during an audit you may be required to show what happened on a specific historic date. The <i>aaa-reports!</i> multi-db feature will allow you to create a specific back-end database just for this task and import logs from the required time period. Alternatively use the <i>aaa-reports!</i> snapshot feature to regularly save its database state, for example quarterly. You may then connect <i>aaa-reports!</i> to any of the historic snapshot databases to report on the data from that quarter.</li><li><b>Regularly export the ACS database into aaa-reports!</b> If you are running reports against log data from 2 years ago you also need to know what was in the ACS database at the same time - using a more recent ACS database might yield unexpected results because the configuration is likely to have changed in the meantime. Use <i>csvsync </i>to regularly grab the ACS database and keep the copies alongside the retained CSV logs for future reference.</li><li><b>Review the quality of ACS log data</b>. From time to time it's worth taking a look at the quality of the data getting logged. We often find customers with rogue scripts being automated on devices that cause the ACS Failed Attempts logs to become full of many MBs of "junk data" - essentially one failed attempt for each line of the script. 
If left to continue for months the <i>real data</i> starts to become more difficult to find.</li></ol><div>In terms of the specific questions an audit will concentrate on, it will typically revolve around demonstrating not only that there is specific and adequate policy to control access to those parts of the network that require it, but also that there is evidence those policies are in fact working. In <i>aaa-reports!</i> we added a whole set of reports for TACACS+ Device Administration (TDA) that attempt to document the ACS policy configuration, answer questions such as "who can/cannot access devices and once connected what can they do?" and finally report on what did actually happen.</div><div><br /></div><div>Below are some additional TDA specific tips:</div><div><ol><li><b>Ensure services such as shell/exec are only enabled for ACS groups that really need it</b>. The <i>aaa-reports! TDA Group Summary</i> report will list every ACS group and what TDA features are enabled. The <i>TDA Group Detail</i> report can be used to inspect the policy in detail.</li><li><b>Check for user-level overrides</b>. In general users should always inherit policy from their group unless there is good reason. The <i>aaa-reports! TDA User Summary</i> report lists users whose configuration overrides their group's. The <i>TDA User Detail</i> report can be used to inspect what policy items are specific to the user.</li><li><b>Use Network Access Restrictions</b> (NAR) to prevent login by unauthorised personnel. The first line of defence is to only allow device admin users access to routers and switches. We find some customers rely purely on command authorisation - this potentially lets anyone who can authenticate access the device. Imagine the scenario where ACS has "unknown authentication" enabled pointing at your Windows AD, then answer "Who has access?". 
<i>aaa-reports!</i> can report group-by-group on device access controlled by NARs and therefore answer "Who has access to device XYZ?"</li><li><b>Use Device Command Sets</b> (DCS) for command authorisation. Create a set of re-usable DCSs with meaningful names in preference to simple group-level command authorisations. ACS administration is simplified and the auditor should understand what the intent of the policy is by its name. <i>aaa-reports!</i> can document both the content of each DCS and the group assignments, thereby answering the question "What commands can user X execute on device XYZ?"</li><li><b>Seek out and remove old ACS user accounts</b>. <i>aaa-reports!</i> can report on inactive users both from examination of accounting logs and (if password aging is enabled) from the imported ACS database itself.</li><li><b>Learn how to use the aaa-reports! Query Builder</b>. Despite the comprehensive set of pre-built canned reports, during an audit you are likely to be asked questions about a specific date, user or device. Knowing how to use the QB to build filter/sort and group/totalling queries will get the answers quickly. Take the random question "How many sessions did user X have on devices A, B and C on this date?" The <i>aaa-reports! QB</i> can easily create custom reports that filter on any number of attribute values, group by multiple columns and have calculated fields such as sum, count, average etc. 
If you have a working knowledge of Visual Basic 6 (VB6) it's also possible to use a rich array of formatting and other VB6 functions to create additional fields.</li></ol><div>Undergoing an audit is never easy, but at least with the right tools it doesn't have to be awful!</div></div>

Published 2009-09-08T10:04:00.007+01:00, updated 2009-09-08T10:17:59.997+01:00
Csvsync v3.0.3 Released

For csvsync users who are:<div><ol><li>Running on Server 2008, and</li><li>Using SSL/HTTPS with their ACS server</li></ol><div>v3.0.3 will fix an issue introduced by a <i>feature </i>(read <i>bug</i>) in the latest winhttp.dll (v6). During the csv file download ACS will reject further requests from csvsync. Csvsync will report the error:</div><div><span class="Apple-style-span" style="font-family:'courier new';" style="font-size: small;">File Sync Error (2)</span></div><div><br /></div><div>On the ACS side, CSAdmin will log the following error in its Admin.log:</div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">ADMN 08/28/2009 13:32:27 E 1261 1896 0x0 Possible attack on session 33542 from 192.168.254.30 </span></span></div><div><br /></div><div><br /></div></div>

Published 2009-06-17T11:31:00.006+01:00, updated 2009-06-17T11:37:15.117+01:00
RBAC Style Device Management using Cisco Secure ACS and TACACS+

A few years back, when we all worked on ACS at Cisco, a good friend wrote a really clear guide to using ACS (with TACACS+) to implement an RBAC style system for managing administrative authentication and authorization of IOS devices.<div><br /><div>It isn't always very easy to find stuff on the Cisco web site and I'm sure one day it'll get deleted, so here is a link to a <a href="http://www.extraxi.com/PDFs/Cisco%20DCS%20white%20paper.pdf">local 
copy</a>.</div></div>

Published 2009-06-17T11:05:00.007+01:00, updated 2009-06-17T11:29:23.091+01:00
Missing user names in the ACS package.cab

aaa-reports! can import the ACS cab file to get an up-to-date list of usernames, group assignments and even much of the policy. However, it's possible that dynamic users (eg externally authenticated via Windows, RSA, LDAP etc) may not be included in the cab file.<div><br /><div>This is because ACS now has an extra setting to disable dynamic users. If enabled, the external users will not be included in the package.cab file. The setting is in the <i>Configure Caching Unknown Users</i> section on the <i>External Authenticators ACS Admin</i> page.</div><div>Also worth a mention: on the <i>User Setup</i> page there is the <i>Remove Dynamic Users</i> button, which will do exactly that!</div><div>TIP: If you wish to purge stale records, export the cab into aaa-reports! and run the inactivity reports to see which user records can go. Only then should you remove the dynamic users.</div><div>SHAMELESS PLUG: <b>csvsync v3.0</b> can initiate the creation of the package.cab and download it ready for automated import into <b>aaa-reports! enterprise v1.1</b></div></div>

Published 2009-05-26T14:34:00.002+01:00, updated 2009-05-26T14:36:29.067+01:00
aaa-reports! v2.3

In final testing now... this release addresses some issues with Windows Server 2008 and Cisco Secure ACS v4.2<div><br /></div><div>As usual free of charge to customers with support & maintenance contracts.</div>

Published 2009-02-25T08:47:00.011+00:00, updated 2009-02-25T09:28:50.451+00:00
Why we do CSV

We still get the occasional comment about why aaa-reports! 
uses CSVs to import data from ACS - as opposed to syslog and ODBC (both of which will be supported in future) and this week a good reminder surfaced. <div><br /><div><div>While looking at some release notes for ACS v4.2 we stumbled across CSCsg62239. This bug blandly says "Binary text appears [randomly] in syslog output". Nice one.</div><div>In our experience CSV logging tends (with a few minor issues) to just work. ODBC logging slows the ACS to a crawl and syslog packets could go into a black hole and you'd never know.</div><div>If you have a legal or audit requirement to retain logs for any period of time - you need to use CSV based logs and collect/archive them regularly. This is where our <a href="http://www.extraxi.com/csvsync.htm">csvsync</a> client can help :)<br /></div></div></div>

Published 2009-02-05T11:32:00.003+00:00, updated 2009-02-05T11:36:21.877+00:00
csvsync runtime errors - missing dll

A customer recently got a missing DLL error when running csvsync - MSVCO60D.dll to be exact. This is part of the C/C++ runtime and should normally be present already.<br /><br />Anyhow, there is a Microsoft KB article on how to download the latest Visual C++ 6.0 run-time at this URL:<br /><br /><a href="http://support.microsoft.com/kb/259403">http://support.microsoft.com/kb/259403</a>

Published 2009-01-29T17:36:00.003+00:00, updated 2009-01-29T17:45:44.998+00:00
What the Government should be spending on in the credit crunch

A bit off the usual topic, but...<div><br /></div><div>I was at my local gym this week (part of a larger council run leisure centre) and commented on how hot the poolside and changing rooms felt - not what you need after a 5km run!! 
It struck me how incredibly high their energy usage must be - 3 pools, sports hall, gym, various studios etc etc with what looks like quite a thin uninsulated roof.</div><div><br /></div><div>It struck me that instead of pumping millions into banks, the car industry, more roads, 3rd runway at Heathrow etc.. that perhaps the government should embark on a project to retrofit all publicly owned buildings with solar thermal and electric (where possible). This would cost many millions of pounds but provide much needed jobs by creating a whole new industry and above all would SAVE MONEY and CO2 for years to come.</div><div><br /></div><div>My local gym has a massive flat roof structure that would be ideal for mounting the panels and tubes etc. Right now the staff are being told to switch off lights to save money... given the lighting is all low energy anyway it's hard to see them saving much.</div><div><br /></div><div>Come on Mr Brown - spend money.. lots of money, but on the right stuff.</div><div><br /></div><div><br /></div>

Published 2009-01-29T17:22:00.005+00:00, updated 2009-01-29T17:33:56.322+00:00
Calculated Fields in the Query Builder

<span class="Apple-style-span" style="font-size: small;">This week I had to help a customer with the aaa-reports! query builder - amazingly flexible but equally a little hard to master! So I thought I'd post here by way of a primer.</span><div><span class="Apple-style-span" style="font-size: small;"><br /></span></div><div><span class="Apple-style-span" style="font-size: small;">This particular customer had imported their ACS user database and wanted to list inactive users. Although there is a canned report to do this, they wanted to export the data in XLS - which meant doing it in the query builder. 
Because they are using ACS password ageing, the last authentication date is actually stored inside the ACS database, and is imported into aaa-reports!</span></div><div><span class="Apple-style-span" style="font-size: small;"><br /></span></div><div><span class="Apple-style-span" style="font-size: small;">So in this case we can use the Last Authenticated field as it holds... guess what? The last authentication date. We have to create a "Calculated Field" that is essentially the result of our test condition - say users who haven't authenticated for 30 days. We can then set a criterion to test the calculated column.</span></div><div><span class="Apple-style-span" style="font-size: small;"><br /></span></div><div><span><span><span class="Apple-style-span" style="font-size: small;">So to get a .XLS of inactive users (via password ageing):<br /></span></span></span><span class="Apple-style-span" style="font-size: small;"> </span><ol> <li><span><span><span class="Apple-style-span" style="font-size: small;">Go to the </span><b><span class="Apple-style-span" style="font-size: small;">Query </span></b><span class="Apple-style-span" style="font-size: small;">page and set the </span><b><span class="Apple-style-span" style="font-size: small;">Query Type</span></b><span class="Apple-style-span" style="font-size: small;"> radio button to </span><b><span class="Apple-style-span" style="font-size: small;">Filter/Sort</span></b><span class="Apple-style-span" style="font-size: small;"><br /></span> </span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">Select </span><b><span class="Apple-style-span" style="font-size: small;">ACS DB User Details</span></b><span class="Apple-style-span" style="font-size: small;"> from the </span><b><span class="Apple-style-span" style="font-size: small;">Data Sets</span></b><span class="Apple-style-span" style="font-size: small;"> drop down</span></span></span></li> <li><span><span><span class="Apple-style-span" 
style="font-size: small;">On the </span><b><span class="Apple-style-span" style="font-size: small;">Attributes </span></b><span class="Apple-style-span" style="font-size: small;">tab select the user attributes you want to display<br /></span> </span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">On the </span><b><span class="Apple-style-span" style="font-size: small;">Sorting </span></b><span class="Apple-style-span" style="font-size: small;">tab pick the </span><b><span class="Apple-style-span" style="font-size: small;">Last Authenticated</span></b><span class="Apple-style-span" style="font-size: small;"> attribute then click </span><b><span class="Apple-style-span" style="font-size: small;">Add Ascending</span></b><span class="Apple-style-span" style="font-size: small;"><br /></span> </span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">Click run</span></span></span></li> </ol> <span><span><span class="Apple-style-span" style="font-size: small;">You'll now get users displayed with the oldest "last authenticated" date at the top. <br /><br />Ok, the above simple query will display all users and not just those that have been inactive for some period. 
To show only inactive users (say for 30 days or more) we need to modify the query slightly:<br /></span> </span></span><span class="Apple-style-span" style="font-size: small;"> </span><ol> <li><span><span><span class="Apple-style-span" style="font-size: small;">Back on the </span><b><span class="Apple-style-span" style="font-size: small;">Attributes </span></b><span class="Apple-style-span" style="font-size: small;">tab, select the </span><b><span class="Apple-style-span" style="font-size: small;">Calculated Fields</span></b><span class="Apple-style-span" style="font-size: small;"> radio button</span></span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">In the </span><b><span class="Apple-style-span" style="font-size: small;">Name </span></b><span class="Apple-style-span" style="font-size: small;">field enter </span><i><span class="Apple-style-span" style="font-size: small;">IsInactive</span></i><span class="Apple-style-span" style="font-size: small;"> and in the </span><b><span class="Apple-style-span" style="font-size: small;">Expression </span></b><span class="Apple-style-span" style="font-size: small;">enter </span><i><span class="Apple-style-span" style="font-size: small;">[Last Authenticated] < (Date() - 30)</span></i></span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">Click on </span><b><span class="Apple-style-span" style="font-size: small;">Set</span></b><span class="Apple-style-span" style="font-size: small;"> to save the calculated column.</span></span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">Click </span><b><span class="Apple-style-span" style="font-size: small;">Run </span></b><span class="Apple-style-span" style="font-size: small;">again - you'll see a new IsInactive column with values 0 (false) and -1 (true)<br /></span> </span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">Finally on the 
</span><b><span class="Apple-style-span" style="font-size: small;">Criteria </span></b><span class="Apple-style-span" style="font-size: small;">tab select the new calculated col in the </span><b><span class="Apple-style-span" style="font-size: small;">Attribute </span></b><span class="Apple-style-span" style="font-size: small;">drop down, select </span><b><span class="Apple-style-span" style="font-size: small;"><></span></b><span class="Apple-style-span" style="font-size: small;"> from the </span><b><span class="Apple-style-span" style="font-size: small;">Operator </span></b><span class="Apple-style-span" style="font-size: small;">dropdown and enter </span><i><span class="Apple-style-span" style="font-size: small;">0</span></i><span class="Apple-style-span" style="font-size: small;"> (zero) into the </span><b><span class="Apple-style-span" style="font-size: small;">Value</span></b><span class="Apple-style-span" style="font-size: small;">. Click </span><b><span class="Apple-style-span" style="font-size: small;">Add</span></b></span></span></li> <li><span><span><span class="Apple-style-span" style="font-size: small;">Click </span><b><span class="Apple-style-span" style="font-size: small;">Run </span></b><span class="Apple-style-span" style="font-size: small;">again and now you will only see users whose last authentication date was more than 30 days ago.</span></span></span></li> </ol> <span><span><span class="Apple-style-span" style="font-size: small;">This query can now be saved (for inclusion into a batch of reports) and exported to XLS, CSV etc.</span></span></span></div><div><span class="Apple-style-span" style="font-size: small;"><br /></span></div><div><span class="Apple-style-span" style="font-size: small;">This post shows how the use of a calculated field can help modify the ready made datasets in 
aaa-reports!</span></div>

Published 2008-12-09T14:53:00.003+00:00, updated 2008-12-09T14:59:08.561+00:00
Web Reports Beta 2

After a significant amount of testing we can now confirm additional OS support:<div><ul><li>Windows Server 2003, 32/64 bit, IIS6 or IIS7</li><li>Windows Server 2008, 32/64 bit, IIS7</li></ul><div>Some manual configuration is required depending on OS/IIS version. With IIS6 our install script should take care of everything - provided there is a Default Web Site. With IIS7 there are some non-default installation features that are required - asp.net and IIS6 management compatibility - and these are documented in the user guide.</div></div>

Published 2008-10-24T20:53:00.004+01:00, updated 2008-12-09T14:59:35.183+00:00
Web Report Beta

As described in the previous post... the BETA of aaa-reports! enterprise web reporting is now on the download site.<br /><br />This can be installed on the same server as aaa-reports! enterprise itself and requires that IIS is installed with the "Default Web Site" on port 80.<br /><br />If your IIS doesn't have the Default Web Site or isn't running on port 80 you'll have to manually add and configure a virtual web folder using the IIS Management Console.

Published 2008-10-01T11:56:00.007+01:00, updated 2008-12-09T14:59:51.884+00:00
Web Reporting!

The aaa-reports! enterprise product will soon feature web based reporting. 
The initial release will feature a simple-to-use query builder that enables a table based report on each of the primary ACS log types (eg Failed Attempts, TACACS+ Administration, RADIUS accounting etc)<div><br /><div>Once you're happy with the query and the number of matching records found, the results are displayed in a tabular report with PDF, CSV, XLS export, paging and sorting controls.</div><div><br /></div><div>Security is handled by Windows authentication on the web server - users will require an account on the aaa-reports! server but can be put into a dedicated group that only allows web access.</div></div>

Published 2008-07-17T15:38:00.003+01:00, updated 2008-07-17T15:42:49.985+01:00
CSVSync V3.0

Released a week or two ago, this new version of csvsync can automate the process of exporting the ACS database via the Support function.<br /><br />We posted about this a while back <a href="http://extraxinews.blogspot.com/2008/05/new-features-for-csvsync.html">here</a> and now it's officially released.<br /><br />If you have an active support & maintenance contract you get an automatic 40% discount on list price, and if you purchase aaa-reports! 
enterprise you'll get it bundled.

Published 2008-05-19T14:54:00.011+01:00, updated 2008-05-21T13:09:07.970+01:00
Cisco Secure ACS View 4.0

Well they've been talking about it for long enough... and finally Cisco Secure ACS View 4.0 arrived. Although we have not actually been able to see it in the flesh, on first look it seems OK. However Cisco have made some questionable architecture choices.. #1 being that they based log collection on syslog and #2 that it's appliance only.<br /><br />Ok, so syslog is one of the widest used logging protocols (historically) but it's hardly the robust transport one would wish for when logging security events. The implementation by ACS is also hampered by their choice of format... basically each syslog packet comprises a single line of log data of the form "attr=value, attr=value, ... " so there is a lot of bloat in carrying the attribute names. It's unlikely that complex ACS deployments will be able to log all the required attributes in a single syslog packet (1024 characters max in ACS 4.1). The View user guide does include the odd explanation that it is OK to receive partial data because the rest will get picked up at a later date (presumably by importing the ACS cab file). Yikes - creating a cab requires you to stop (or at least pause) the ACS services AND importing the same data twice could lead to duplicate rows.<br /><br />So it uses syslog (unreliable, non-ack'd, un-encrypted) to send partial (1024 characters we guess) log entries using a bloated ASCII format that buries attribute names in the data. That could add up to a whole load more WAN traffic if your ACSs are distributed.<br /><br />extraxi aaa-reports! on the other hand uses the tried and tested bulk download over http(s), using our csvsync client to download logs. The benefit here is that ACS just does what it does best - log locally - then csvsync/aaa-reports! 
download the logs in bulk (and with encryption) at a time of your choosing.<br /><br />Being appliance only there is no trial version so you can't test it before buying. It really only works with 4.1(4) but needs 4.2(1) to work well - so if you currently still have some 3.x servers in production you're out of luck. extraxi aaa-reports! works with all versions from 2.x through to 4.x and can be installed on anything from Windows XP to Server 2003 Terminal Server running inside VMware.<br /><br />On the topic of database size, View is based on Sybase SQL Anywhere which has a fixed 4GB of storage. aaa-reports! enterprise (due for release end of May 2008) uses multiple SQL Server Express databases offering a total of 48GB.<br /><br />More as it arrives...

Published 2008-05-15T11:53:00.000+01:00, updated 2008-05-20T09:26:30.174+01:00
Installing aaa-reports! with Terminal Services

As with any other application, to install on Windows Terminal Server you should do one of two things:<br /><ol><li>Use "Add/Remove Programs" in Control Panel to launch the application installer rather than just double-clicking the setup.exe, or</li><li>From the command line type "change user /install" before running the setup.</li></ol><p>Either one of these will put the server into install mode and will ensure that installed components and registry changes are made for all users. 
</p><p>Failure to do one of the above will result in the application not functioning correctly for other users because DLLs will not be installed into the global Windows\System32 folder but instead into your own personal folder under Documents and Settings.</p><p>We recommend using the Add/Remove Programs method as it is by far the simplest and most future-proof.</p>

Published 2008-05-01T14:17:00.003+01:00, updated 2008-05-01T14:24:17.908+01:00
New Features For CSVSync

Quite a few customers have expressed the desire to generate and collect the ACS Support Cab (package.cab) using csvsync. This gives the advantage of being able to schedule the operation via a script on a remote PC - essential if your ACS is the Appliance kind.<br /><br />In testing now is the next version of csvsync with exactly this feature. You can connect to the following versions of ACS to collect the cab file:<br /><br />Appliance v4.0(1) onwards<br />Software v4.1(4) onwards<br /><br />Prior to v4.1(4) the Support page was not available via ACS Admin in the Software version.<br /><br />Beta expected in the next couple of weeks.

Published 2008-04-22T16:01:00.001+01:00, updated 2008-04-22T16:03:01.425+01:00
ACS v4.1(4) Compatibility Issue Resolved

A new build of aaa-reports! v2.2.1 has been posted today that resolves all known issues with importing ACS v4.1(4) cab and dump files.<br /><br />Hoorah!

Published 2008-03-20T11:06:00.003+00:00, updated 2008-12-12T07:54:37.958+00:00
aaa-reports! 
enterprise edition - beta now available<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioQR3eIl7QPThUp4M9I2y2-rHMcu2w9oIGY8xrSdNwMdkkcGpnF1gunAmRSI48iyMcqWLzM0qUiksAxWX9P6X6ju47WmYHhFugmizZoT9rrn_7uOkBWzAq3WEkjY35UKngW4vuu7wnrT9t/s1600-h/AAARE+LOGO+GIF.gif"><img id="BLOGGER_PHOTO_ID_5179779366134914034" style="FLOAT: right; MARGIN: 0px 0px 10px 10px; CURSOR: hand" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioQR3eIl7QPThUp4M9I2y2-rHMcu2w9oIGY8xrSdNwMdkkcGpnF1gunAmRSI48iyMcqWLzM0qUiksAxWX9P6X6ju47WmYHhFugmizZoT9rrn_7uOkBWzAq3WEkjY35UKngW4vuu7wnrT9t/s320/AAARE+LOGO+GIF.gif" border="0" /></a> aaa-reports! enterprise edition beta 2 is now available for download. Please use our <a href="http://www.extraxi.com/contact.htm">contact page</a> to request a copy.<br /><br />New feature highlights:<br /><ul><li>Scalable SQL Server Express databases for up to 48GB capacity.</li><li>Advanced parameter filter on canned reports (equal, like, null, ...) incl wildcards.</li><li>Enhanced Query Builder. Re-order & re-name columns + complex expressions.</li><li>All ACS log types now supported (incl. appliance, replication etc).</li><li>New look UI and usability enhancements.</li></ul><br />Note that the system requirements for this version are higher than for aaa-reports! v2.x because it uses SQL Server as the main repository. Ideally you would be installing on a dual/quad core 2 system with at least 2GB RAM.<br /><br />There are two installers which must be used in the correct order:<br /><ol><li>Environment setup. Installs .NET framework and SQL Server Express</li><li>Application setup<br /></li></ol>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3040986070476182840.post-68297164999873232822008-01-23T15:53:00.000+00:002008-01-23T15:59:11.895+00:00ACS v4.1(4) Compatibility IssueIf you have recently upgraded to ACS v4.1(4) there is a compatibility issue when importing the ACS database into aaa-reports! 
due to file format changes inside the cab and dump files.<br /><br />We've posted a fixed build (15th Jan) onto the download site for the .cab file issue and are working on the dump file import now.<br /><br />If you experience the error "database contains no groups or users" when importing the database you need this patch. The patched aaa-reports! version is "FE 2.2342" (click help/about to check)Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3040986070476182840.post-70185191788118624562007-12-25T16:41:00.000+00:002007-12-20T09:47:51.316+00:00Merry Christmas!To any and all who celebrate this time of year....<br /><br />... and especially our customers<br /><br /><br /><span style="font-size:180%;"><strong>Have a great one!!</strong></span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3040986070476182840.post-16696491692630052192007-12-20T09:32:00.000+00:002008-12-12T07:54:38.345+00:00aaa-reports! enterprise... sneak previewWell we're almost there for the first beta of aaa-reports! enterprise. The screenshots below show off our refreshed UI (ok.. about time!)<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjm2f9XNyrpd_H__He2h-h8vOCCJzf9lU5e6Y3Kv6Q4pIfkzq8Y5y4KpO-qU1O3AuRcF8Uqz8NM3TTSWbAM7fdGTAXXv42dCNWyBuYYX4Cxs0qn9VgPD_daUoES0JW7PBv26X4tDUAJm7X/s1600-h/AAAR+Enterprise+Screenshot+-+Reports.jpg"><img id="BLOGGER_PHOTO_ID_5145986161938379730" style="CURSOR: hand" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjm2f9XNyrpd_H__He2h-h8vOCCJzf9lU5e6Y3Kv6Q4pIfkzq8Y5y4KpO-qU1O3AuRcF8Uqz8NM3TTSWbAM7fdGTAXXv42dCNWyBuYYX4Cxs0qn9VgPD_daUoES0JW7PBv26X4tDUAJm7X/s320/AAAR+Enterprise+Screenshot+-+Reports.jpg" border="0" /></a><br /><br />This is a major step forward for aaa-reports! with an all new back end based on SQL Server Express giving us a total of 32GB of storage. 
Of course we're keeping the multi-DB feature so you actually get n*32GB !!<br /><br />For our biggest customers there is also the option to swap out Express with full blown SQL Server.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMKR62JHtu6vPxYdrMCdQSvuLTikGBfZvHuAu4hmXcjuFFW-RT47dhxOudG6hm1lJTk2pGB16NwPfpbCGV0oDZWi5W8uOI0JvVqg_LOE0aKfwTm-rP7BHFDomf3i1NQv86s5tMO3Uln4ZA/s1600-h/AAAR+Enterprise+Screenshot+-+Automation.jpg"><img id="BLOGGER_PHOTO_ID_5145986166233347042" style="CURSOR: hand" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMKR62JHtu6vPxYdrMCdQSvuLTikGBfZvHuAu4hmXcjuFFW-RT47dhxOudG6hm1lJTk2pGB16NwPfpbCGV0oDZWi5W8uOI0JvVqg_LOE0aKfwTm-rP7BHFDomf3i1NQv86s5tMO3Uln4ZA/s320/AAAR+Enterprise+Screenshot+-+Automation.jpg" border="0" /></a><br /><br />Switching to SQL Server enables a whole wealth of server-side filtering that wasn't possible before. As a result, all of the canned reports can now be filtered on one or more attributes, e.g. Network Device Group, Group etc., allowing you to make them as general or specific as you wish. The reports also appear much faster as the datasets are created in SQL Server.<br /><br />Oh and the query builder has undergone a major overhaul to allow column ordering to be saved, column renaming and even free form SQL statement entry for very advanced users.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3040986070476182840.post-79752131200058673662007-11-29T11:53:00.000+00:002007-11-29T11:57:01.375+00:00Negative values in canned reportsThis week we had some reports of very large negative values in our canned reports - in particular the device utilisation reports.<br /><br />After some delving it turned out to be the customer's PIX sending garbage values in the TACACS+ "elapsed time" attribute.<br /><br />The customer is now following this up with Cisco.Unknownnoreply@blogger.com0