06-24-2005 06:42 AM
I am trying to do AAA accounting for commands using a Content Engine CE-560 (ACNS 5.2.3 build b9) and Cisco Secure ACS (v3.1(1) build 27).
I have the following configuration:
tacacs key <encrypted>
tacacs host 10.20.250.200
tacacs host 10.10.250.200 primary
!
!
authentication login local enable secondary
authentication login tacacs enable primary
authentication configuration local enable secondary
authentication configuration tacacs enable primary
authentication fail-over server-unreachable
!
aaa accounting exec default start-stop tacacs
aaa accounting commands 0 default stop-only tacacs
aaa accounting commands 15 default start-stop tacacs
aaa accounting system default start-stop tacacs
!
Debugging AAA accounting activity on the CE, I can see the accounting information being sent to the TACACS server:
Bja-ce1(config)#telnet enable
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: [START] called (pam_tacplus v1.2.9)
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: tac_srv_no=2
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: tty [pts/0] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: remote host address [0.0.0.0] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: send packet to all servers
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: connected with fd=9 (srv 0)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [START] for [rnbce] sent successfully
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] called (pam_tacplus v1.2.9)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: tac_srv_no=2
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: tty [pts/0] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: remote host address [0.0.0.0] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: send packet to all servers
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: connected with fd=10 (srv 0)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] for [rnbce] sent successfully
Everything seems to work fine except that I cannot see in the ACS logs/reporting the commands entered on the CE command line. I can see log entries for the start and stop events, but no information regarding which command was entered.
I cannot find any info regarding this issue in the several docs I have come across.
Has anyone had this problem?
Thanks in advance.
Ricardo
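A small audit script over the debug output above, added here as an example (not part of the original post or of ACNS/ACS): it groups the per-line pam_tacplus debug into one record per accounting packet, pairs START/STOP by TaskID, and flags packets that lack the priv-lvl or cmd fields ACS would need to report the command. The sample lines are constructed in the same shape as the post's output; the field names (username, TaskID, CmdLime) are taken from it, and level 15 is assumed start-stop as in the posted config.

```python
import re

# Constructed sample in the shape of the CE's pam_tacplus accounting debug output
SAMPLE_DEBUG = """\
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: [START] called (pam_tacplus v1.2.9)
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] called (pam_tacplus v1.2.9)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 18:01:02 Bja-ce1 config: ***pam_tac _pam_account: [STOP] called (pam_tacplus v1.2.9)
Jun 23 18:01:02 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 ]
Jun 23 18:01:02 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5301]
"""
RE_EVENT = re.compile(r"\[(START|STOP)\] called")
RE_FIELD = re.compile(r"(username|tty|TaskID) \[([^\]]*)\]")
RE_CMD = re.compile(r"CmdLime \[priv-lvl=(\d+) (?:cmd=(.*?) )?\]")

def parse_accounting(text):
    """One dict per accounting packet, built from the CE's per-line debug output."""
    records, cur = [], None
    for line in text.splitlines():
        ev = RE_EVENT.search(line)
        if ev:                               # "[START] called" / "[STOP] called"
            cur = {"type": ev.group(1)}
            records.append(cur)
        elif cur is not None:
            for key, val in RE_FIELD.findall(line):
                cur[key] = val
            cm = RE_CMD.search(line)
            if cm:                           # cmd is None when the AV pair is absent
                cur["priv-lvl"], cur["cmd"] = int(cm.group(1)), cm.group(2)
    return records

def audit(records, start_stop_levels=frozenset({15})):
    """Pair START/STOP by TaskID; flag packets missing priv-lvl or cmd, and a STOP
    with no START at a level configured start-stop (level 0 is stop-only above)."""
    by_task, findings = {}, []
    for r in records:
        task = r.get("TaskID")
        by_task.setdefault(task, {})[r["type"]] = r
        if "priv-lvl" not in r:
            findings.append((task, r["type"], "no priv-lvl"))
        if not r.get("cmd"):
            findings.append((task, r["type"], "no cmd"))
    for task, pair in by_task.items():
        stop = pair.get("STOP")
        if stop and "START" not in pair and stop.get("priv-lvl") in start_stop_levels:
            findings.append((task, "STOP", "STOP without START"))
    return by_task, findings
```

Run it over a captured debug session to confirm the CE is actually putting priv-lvl and cmd into every packet before looking for the problem on the ACS side.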
06-25-2005 11:43 AM
Hi Ricardo,
Which ACS log are you looking in?
In addition, can you check the priv-lvl field? You may be seeing CSCeg90529.
~Zach
07-06-2005 05:22 AM
Hi Zach,
Sorry for not replying to you sooner.
I looked for ACS accounting and administration logs.
But I could not find any info regarding commands inserted on the CE command line.
My Privilege level is 15.
I have the priv-lvl field selected in the Administration log configuration, but I have no information in this log.
Most probably I'm seeing CSCeg90529.
The only difference is that I'm running a 5.2 ACNS image and the first found-in version for CSCeg90529 is a 5.3 release.
As soon as I have a confirmation I will post it here.
Thanks for your reply.
Regards,
Ricardo