15.6. Logging, Reporting, and Auditing
If your NAC deployment experiences a problem, good logging and reporting alert you to the problem and help you identify a solution.
Look for a way to centralize all the log data to a single location, especially if your NAC deployment uses multiple policy engines. You can usually use a third-party management tool, such as a Syslog server, to accomplish the task, but some NAC solutions offer their own central logging and reporting engines. Most of the time, the built-in central logging and reporting engine gives you access to pre-canned reporting that can help you with the NAC solution deployment. You want a reporting tool that offers reports that help you with day-to-day operations and reports that help you when the NAC solution experiences a problem.
Audit trails are an important aspect of logging. If you need to meet some sort of regulatory compliance, auditing may have been a primary driver for your NAC deployment. Make sure that the log information includes as much detail as possible. You want to know who gained access to the network and when, what parts of the network they visited, what their devices looked like, and so on.
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
