https://community.cisco.com/t5/network-access-control/keystroke-logging/m-p/625727#M422802 <HTML><HEAD></HEAD><BODY><P>Yes , you can record whatever commands a user has run on the Cisco IOS box . For this you need to firstly configure command authorization on the IOS device along with the accounting. Below are the commands that you need.</P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs local</P><P>aaa authorization exec default group tacacs if-autheticated</P><P>aaa authorization commands 0 default group tacacs if-authenticated</P><P>aaa authorization commands 1 default group tacacs if-authenticated</P><P>aaa authorization commands 15 default group tacacs if-authenticated</P><P>aaa accounting commands 0 default group tacacs</P><P>aaa accounting commands 1 default group tacacs</P><P>aaa accounting commands 15 default group tacacs</P><P>tacacs-server host x.x.x.x ket <SECRETKEY></SECRETKEY></P><P></P><P>We also need to configure command authorization in ACS server using the below link ( Note : this link show the sample configuration of ACS using PIX but you can configure the IOS devices similarly)</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7cb.html" target="_blank">http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7cb.html</A></P><P></P><P>Once we have configured the ACS and the IOS devices you can check the commands run by users in ACS by going to Reports &amp; Activities &gt; Tacacs admin logs .</P><P></P><P></P></BODY></HTML> Fri, 29 Sep 2006 07:56:18 GMT pbunet 2006-09-29T07:56:18Z https://community.cisco.com/t5/network-access-control/keystroke-logging/m-p/625726#M422801 <P>Using ACS and tacacs+ can I record the keystrokes users type when they enter commands on a device such as a router or switch?</P> Sun, 10 Mar 2019 21:46:18 GMT https://community.cisco.com/t5/network-access-control/keystroke-logging/m-p/625726#M422801 MITCH JOHNSON 2019-03-10T21:46:18Z https://community.cisco.com/t5/network-access-control/keystroke-logging/m-p/625727#M422802 <HTML><HEAD></HEAD><BODY><P>Yes , you can record whatever commands a user has run on the Cisco IOS box . For this you need to firstly configure command authorization on the IOS device along with the accounting. Below are the commands that you need.</P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs local</P><P>aaa authorization exec default group tacacs if-autheticated</P><P>aaa authorization commands 0 default group tacacs if-authenticated</P><P>aaa authorization commands 1 default group tacacs if-authenticated</P><P>aaa authorization commands 15 default group tacacs if-authenticated</P><P>aaa accounting commands 0 default group tacacs</P><P>aaa accounting commands 1 default group tacacs</P><P>aaa accounting commands 15 default group tacacs</P><P>tacacs-server host x.x.x.x ket <SECRETKEY></SECRETKEY></P><P></P><P>We also need to configure command authorization in ACS server using the below link ( Note : this link show the sample configuration of ACS using PIX but you can configure the IOS devices similarly)</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7cb.html" target="_blank">http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7cb.html</A></P><P></P><P>Once we have configured the ACS and the IOS devices you can check the commands run by users in ACS by going to Reports &amp; Activities &gt; Tacacs admin logs .</P><P></P><P></P></BODY></HTML> Fri, 29 Sep 2006 07:56:18 GMT https://community.cisco.com/t5/network-access-control/keystroke-logging/m-p/625727#M422802 pbunet 2006-09-29T07:56:18Z