https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453714#M377655 <HTML><HEAD></HEAD><BODY><P>Hi Ganesh, thanks for reply.</P><P>Unfortunately i am still unable to see executed commands in tacacs+ accounting report. I have all report fields enabled, configuration is the same as you suggested but still no luck.&nbsp; I setup shell command authorization set and can see if readonly users (which has rights to run only commands in readonly authorization set) trying to execute commands they are not authorize to run but cannot see all commands executed on the switch.</P><P></P><P>This is really important to have a record who and when initiated what commands on network devices.</P><PRE>07/16/2010,09:18:30,AAAServer,GRoup,SWITCHES,CAT3560-T,UserName,192.168.182.1,start,15,,,,,,2,(Default),,,shell,,,,,,,,,,,,,,UTC,,,,,,,,,,,,,,,,,,,,,,,,No,Login,1,6,192.168.182.20,tty1</PRE><P></P><P></P><P>Any other suggestions?</P></BODY></HTML> Fri, 16 Jul 2010 17:31:54 GMT endpoint 2010-07-16T17:31:54Z https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453712#M377648 <P>Hi, need to provide a ACS reports that will include all commands entered on firewalls/switches/routers. </P><P>Successfully setup acs for these network devices, basic AAA is working, can login failed/passed authentications, different level of authentication was correctly configured, but in reports i can see only commands that have been denied (have tested different user levels). How can i setup AAA to log all&nbsp; commands&nbsp; enterend by eg network device admins? </P> Mon, 11 Mar 2019 00:15:42 GMT https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453712#M377648 endpoint 2019-03-11T00:15:42Z https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453713#M377651 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><DIV class="jive-rendered-content"><P>Hi, need to provide a ACS reports that will include all commands entered on firewalls/switches/routers. </P><P>Successfully setup acs for these network devices, basic AAA is working, can login failed/passed authentications, different level of authentication was correctly configured, but in reports i can see only commands that have been denied (have tested different user levels). How can i setup AAA to log all&nbsp; commands&nbsp; enterend by eg network device admins? </P></DIV><P></P></PRE><P>Hi,</P><P></P><P>In order to get the executed commands in router or switch you need to configure aaa accounting command in router and switch like</P><P></P><P>aaa accounting exec default start-stop group tacacs+<BR />aaa accounting commands 1 default start-stop group tacacs+<BR />aaa accounting commands 15 default start-stop group tacacs+<BR />aaa accounting network default start-stop group tacacs+<BR />aaa accounting connection default start-stop group tacacs+<BR />aaa accounting system default start-stop group tacacs+</P><P></P><P>Then you can see in command logs TACAS adminstration tab in ACS server.</P><P></P><P>Hope to Help !!</P><P></P><P>Ganesh.H</P><P></P><P>Remember to rate the helpful post</P></BODY></HTML> Fri, 16 Jul 2010 09:50:37 GMT https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453713#M377651 Ganesh Hariharan 2010-07-16T09:50:37Z https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453714#M377655 <HTML><HEAD></HEAD><BODY><P>Hi Ganesh, thanks for reply.</P><P>Unfortunately i am still unable to see executed commands in tacacs+ accounting report. I have all report fields enabled, configuration is the same as you suggested but still no luck.&nbsp; I setup shell command authorization set and can see if readonly users (which has rights to run only commands in readonly authorization set) trying to execute commands they are not authorize to run but cannot see all commands executed on the switch.</P><P></P><P>This is really important to have a record who and when initiated what commands on network devices.</P><PRE>07/16/2010,09:18:30,AAAServer,GRoup,SWITCHES,CAT3560-T,UserName,192.168.182.1,start,15,,,,,,2,(Default),,,shell,,,,,,,,,,,,,,UTC,,,,,,,,,,,,,,,,,,,,,,,,No,Login,1,6,192.168.182.20,tty1</PRE><P></P><P></P><P>Any other suggestions?</P></BODY></HTML> Fri, 16 Jul 2010 17:31:54 GMT https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453714#M377655 endpoint 2010-07-16T17:31:54Z https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453715#M377666 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>Hi Ganesh, thanks for reply.</P><P>Unfortunately i am still unable to see executed commands in tacacs+ accounting report. I have all report fields enabled, configuration is the same as you suggested but still no luck.&nbsp; I setup shell command authorization set and can see if readonly users (which has rights to run only commands in readonly authorization set) trying to execute commands they are not authorize to run but cannot see all commands executed on the switch.</P><P></P><P>This is really important to have a record who and when initiated what commands on network devices.</P><PRE>07/16/2010,09:18:30,AAAServer,GRoup,SWITCHES,CAT3560-T,UserName,192.168.182.1,start,15,,,,,,2,(Default),,,shell,,,,,,,,,,,,,,UTC,,,,,,,,,,,,,,,,,,,,,,,,No,Login,1,6,192.168.182.20,tty1</PRE> <P></P> <P></P> <P>Any other suggestions?</P> </PRE><P>Hi,</P><P></P><P>If your ACS version is 4.1 <SPAN style="font-size: 10pt; font-family: Arial; ">TACACS+ Command Accounting no longer works. No accounting records are visible in the TACACS+ Administration log (bug CSCsg97429). </SPAN></P><P></P><P><SPAN style="font-size: 10pt;"></SPAN></P><P class="pB1_Body1"><SPAN style="font-family: Arial;">Click this link if you are using ACS Solution Engine: </SPAN><A href="http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-win-3des" rel="nofollow" target="_blank"><SPAN style="font-family: Arial;">http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2 </SPAN></A><SPAN style="font-family: Arial;">and download: </SPAN></P><A name="wp165060" rel="nofollow"></A><P class="pB2_Body2"><SPAN style="font-family: Arial;">applAcs_4.1.1.23_ACS-4.1-CSTacacs-CSCsg97429.zip </SPAN></P><P class="pB2_Body2"></P><P class="pB2_Body2">Hope to Help !!</P><P class="pB2_Body2"></P><P class="pB2_Body2">Ganesh.H</P><P class="pB2_Body2"></P><P class="pB2_Body2">Remember to rate the helpful post</P><P></P></BODY></HTML> Fri, 16 Jul 2010 18:04:20 GMT https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453715#M377666 Ganesh Hariharan 2010-07-16T18:04:20Z https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453716#M377670 <HTML><HEAD></HEAD><BODY><P>Thanks Ganesh</P><P>I am updating to v4.2 and will check out reports. Will keep this group posted.</P></BODY></HTML> Fri, 16 Jul 2010 19:28:02 GMT https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453716#M377670 endpoint 2010-07-16T19:28:02Z https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453717#M377680 <HTML><HEAD></HEAD><BODY><P>Works like a charm:</P><P></P><P>16/07/2010,13:19:41,UserName,Group,hostname NewSwitchName <CR>,15,shell,tty1,258,192.168.182.1,<BR />16/07/2010,13:19:44,UserName,Group,write <CR>,15,shell,tty1,259,192.168.182.1,'</CR></CR></P><P></P><P>thanks for your help.</P><P></P><P>Regards,</P></BODY></HTML> Fri, 16 Jul 2010 20:29:28 GMT https://community.cisco.com/t5/network-access-control/aaa-reports/m-p/1453717#M377680 endpoint 2010-07-16T20:29:28Z