Cisco TACACS event date mismatch
Created: 06 Nov 2008 | Updated: 23 May 2010 | 3 comments
This issue has been solved. See solution.
Hi,
I am facing a strange situation and do not know if the issue is with SSIM 4.5.2 or Cisco TACACS device (from where i am getting logs)
For your information i posting the timestamp that i see in my SSIM.
Logged At Thu Nov 06 12:45:58 GMT 2008
Event date Wed Jun 11 12:49:08 GMT 2008
Created date Thu Nov 06 12:49:09 GMT 2008
Ending Event date Wed Jun 11 12:49:08 GMT 2008
I want to know why am i getting logs from backdate and where the issue is.
Many Thanks
Discussion Filed Under:
Comments 3 Comments • Jump to latest comment
There really isn't enough information here. In order to help you, we need to see the raw Cisco ACS event that produces the SSIM event with these timestamps. I'm assuming you are using the Cisco ACS Event Collector to collect these events? Do you have the Raw Event Logging option turned on? If so, can you post the contents of the raw_event field for this event?
Hi,
raw_event = 07/11/2008,10:03:53,Authen OK,CORP\ABC,Default Group,0013.0257.508b,X.X.X.X,25800,Location-Connection
The above is how the raw event looks. Have renamed few parameters for privacy. Let me know if you want additional info about this. And yes I am using Cisco ACS collector.
OK, I think I have an idea what the problem is. Have you contacted our Support about this yet? Please do so, so that we can get you a fix for this.
Would you like to reply?
Login or Register to post your comment.