Cisco Systems 3.3 Manual De Usuario
Chapter 11 Logs and Reports
NAC Attributes in Logs
11-4
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Note
Cisco Secure ACS cannot determine how a remote logging service is
configured to process accounting packets that it is forwarded. For
example, if a remote logging service is configured to discard
accounting packets, it discards a forwarded accounting packet and
responds to Cisco Secure ACS with an acknowledgment message,
causing Cisco Secure ACS to write a value of
configured to process accounting packets that it is forwarded. For
example, if a remote logging service is configured to discard
accounting packets, it discards a forwarded accounting packet and
responds to Cisco Secure ACS with an acknowledgment message,
causing Cisco Secure ACS to write a value of
Remote-logging-successful
in the Remote Logging Result attribute
in the local log that records the account packet.
•
Application-Posture-Token—The application posture token (APT) returned
by a particular policy during a posture validation request. This attribute is
available only in the Passed Authentications and Failed Attempts logs. For
more information, see
by a particular policy during a posture validation request. This attribute is
available only in the Passed Authentications and Failed Attempts logs. For
more information, see
.
•
System-Posture-Token—The system posture token (SPT) returned by a
Network Admission Control (NAC) database during a posture validation
request. This attribute is available only in the Passed Authentications and
Failed Attempts logs. For more information, see
Network Admission Control (NAC) database during a posture validation
request. This attribute is available only in the Passed Authentications and
Failed Attempts logs. For more information, see
.
•
Other posture validation attributes—Attributes sent to Cisco Secure ACS
by a NAC client in a posture validation request, identified by the vendor
name, application name, and attribute name that uniquely identify the
attribute. For example, the NAI:AV:DAT-Date attribute is an attribute
containing information about the date of the DAT file on the NAC client for
a Network Associates, Inc., anti-virus application. These attributes are
available only in the Passed Authentications and Failed Attempts logs. For
more information, see
by a NAC client in a posture validation request, identified by the vendor
name, application name, and attribute name that uniquely identify the
attribute. For example, the NAI:AV:DAT-Date attribute is an attribute
containing information about the date of the DAT file on the NAC client for
a Network Associates, Inc., anti-virus application. These attributes are
available only in the Passed Authentications and Failed Attempts logs. For
more information, see
.
NAC Attributes in Logs
Posture validation attributes, used by NAC, can be used in the Passed
Authentications and Failed Attempts logs. All inbound attributes are available for
logging. The only two outbound attributes that you can record in logs are
Application-Posture-Token and System-Posture-Token.
Authentications and Failed Attempts logs. All inbound attributes are available for
logging. The only two outbound attributes that you can record in logs are
Application-Posture-Token and System-Posture-Token.