06-24-2005 06:42 AM
I am trying to do AAA accounting for commands using a Content Engine CE-560 (ACNS 5.2.3 build b9) and Cisco Secure ACS (v3.1(1) build 27).
I have the following configuration:
tacacs key <encrypted>
tacacs host 10.20.250.200
tacacs host 10.10.250.200 primary
!
!
authentication login local enable secondary
authentication login tacacs enable primary
authentication configuration local enable secondary
authentication configuration tacacs enable primary
authentication fail-over server-unreachable
!
aaa accounting exec default start-stop tacacs
aaa accounting commands 0 default stop-only tacacs
aaa accounting commands 15 default start-stop tacacs
aaa accounting system default start-stop tacacs
!
Debugging AAA accounting activity on the CE, I can see the accounting information being sent to the TACACS server:
Bja-ce1(config)#telnet enable
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: [START] called (pam_tacplus v1.2.9)
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: tac_srv_no=2
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: tty [pts/0] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: remote host address [0.0.0.0] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: send packet to all servers
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: connected with fd=9 (srv 0)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [START] for [rnbce] sent successfully
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] called (pam_tacplus v1.2.9)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: tac_srv_no=2
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: tty [pts/0] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: remote host address [0.0.0.0] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: send packet to all servers
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: connected with fd=10 (srv 0)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] for [rnbce] sent successfully
Everything seems to work fine except that I cannot see on the ACS logs/reporting the commands entered on the CE command line. I can see log entries for the start and stop events but no information regarding which command was entered.
I cannot find info regarding this issue in the several docs I came across.
Has anyone had this problem?
Thanks in advance.
Ricardo
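The debug output above already shows the device putting the command into the accounting record (the CmdLime line carries priv-lvl and cmd, and each record has a TaskID). The following script is an added example, not code from the original post; it parses pam_tacplus debug lines of exactly the format shown, pairs START and STOP records by TaskID, and reports any record where the cmd attribute is missing or the packet was never confirmed sent. Running it over a capture lets you confirm that the device side is emitting the command, so that a gap in the server's report can be attributed to the server's logging configuration rather than to the CE. The sample input is the post's own debug lines plus one constructed degraded record (TaskID 9999) that lacks the CmdLime line; the "CmdLime" spelling is kept because that is what the device prints.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Common syslog prefix of every pam_tacplus accounting debug line in the post.
PREFIX = r"^\w{3} +\d+ [\d:]+ \S+ config: \*\*\*pam_tac _pam_account: "
EVENT_RE = re.compile(PREFIX + r"\[(START|STOP)\] called")
FIELD_RE = re.compile(PREFIX + r"(username|tty|remote host address|Service|TaskID) \[([^\]]*)\]")
CMD_RE = re.compile(PREFIX + r"CmdLime \[(.*)\]\s*$")
SENT_RE = re.compile(PREFIX + r"\[(START|STOP)\] for \[([^\]]*)\] sent successfully")
ATTR_RE = re.compile(r"priv-lvl=(\d+)\s+cmd=(.*?)\s*$")

# Sample input: lines copied from the post, then one constructed record (TaskID 9999)
# with no CmdLime line, to show what a record missing the command looks like.
SAMPLE_DEBUG = """\
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: [START] called (pam_tacplus v1.2.9)
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: tac_srv_no=2
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: tty [pts/0] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: remote host address [0.0.0.0] obtained
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: send packet to all servers
Jun 23 17:59:24 Bja-ce1 config: ***pam_tac _pam_account: connected with fd=9 (srv 0)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [START] for [rnbce] sent successfully
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] called (pam_tacplus v1.2.9)
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: tty [pts/0] obtained
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: CmdLime [priv-lvl=15 cmd=telnet enable ]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: TaskID [5267]
Jun 23 17:59:25 Bja-ce1 config: ***pam_tac _pam_account: [STOP] for [rnbce] sent successfully
Jun 23 18:00:01 Bja-ce1 config: ***pam_tac _pam_account: [START] called (pam_tacplus v1.2.9)
Jun 23 18:00:01 Bja-ce1 config: ***pam_tac _pam_account: username [rnbce] obtained
Jun 23 18:00:01 Bja-ce1 config: ***pam_tac _pam_account: Service [shell]
Jun 23 18:00:01 Bja-ce1 config: ***pam_tac _pam_account: TaskID [9999]
Jun 23 18:00:01 Bja-ce1 config: ***pam_tac _pam_account: [START] for [rnbce] sent successfully
"""


@dataclass
class AcctRecord:
    event: str                      # START or STOP
    username: str = ""
    tty: str = ""
    rem_addr: str = ""
    service: str = ""
    priv_lvl: Optional[int] = None  # from the CmdLime attribute list
    cmd: str = ""                   # the command the device reports
    task_id: str = ""
    sent: bool = False              # "sent successfully" seen for this record


def parse_pam_tac_debug(text: str) -> List[AcctRecord]:
    """Turn the debug stream into one AcctRecord per [START]/[STOP] call."""
    records: List[AcctRecord] = []
    cur: Optional[AcctRecord] = None
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            cur = AcctRecord(event=m.group(1))
            records.append(cur)
            continue
        if cur is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.groups()
            setattr(cur, {"username": "username", "tty": "tty", "remote host address": "rem_addr",
                          "Service": "service", "TaskID": "task_id"}[key], val)
            continue
        m = CMD_RE.match(line)
        if m:
            a = ATTR_RE.match(m.group(1))
            if a:
                cur.priv_lvl, cur.cmd = int(a.group(1)), a.group(2)
            continue
        m = SENT_RE.match(line)
        if m and m.group(1) == cur.event:
            cur.sent = True
    return records


def records_by_task(records: List[AcctRecord]) -> Dict[str, Dict[str, AcctRecord]]:
    """Group records as task_id -> {event: record} so START/STOP pairs line up."""
    out: Dict[str, Dict[str, AcctRecord]] = {}
    for r in records:
        out.setdefault(r.task_id, {})[r.event] = r
    return out


def audit(records: List[AcctRecord]) -> List[str]:
    """List records that lack a cmd, were not confirmed sent, or have no START/STOP partner."""
    problems: List[str] = []
    for task, evs in records_by_task(records).items():
        for ev, r in evs.items():
            if not r.cmd:
                problems.append(f"task {task} {ev}: no cmd attribute")
            if not r.sent:
                problems.append(f"task {task} {ev}: not confirmed sent")
        if set(evs) != {"START", "STOP"}:
            problems.append(f"task {task}: only {sorted(evs)} event(s)")
    return problems


if __name__ == "__main__":
    for rec in parse_pam_tac_debug(SAMPLE_DEBUG):
        print(f"{rec.task_id} {rec.event:5} user={rec.username} priv={rec.priv_lvl} cmd={rec.cmd!r} sent={rec.sent}")
    for p in audit(parse_pam_tac_debug(SAMPLE_DEBUG)):
        print("PROBLEM:", p)
```

For task 5267 the audit is clean: both records carry priv-lvl=15 and cmd=telnet enable and were confirmed sent, which is the evidence that the CE is supplying the command; the constructed task 9999 shows how a record with no command and no STOP would be flagged.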
06-25-2005 11:43 AM
Hi Ricardo,
Which ACS log are you looking in?
In addition, can you check the priv-lvl field? You may be seeing CSCeg90529.
~Zach
07-06-2005 05:22 AM
Hi Zach,
Sorry for not replying to you sooner.
I looked for ACS accounting and administration logs.
But I could not find any info regarding commands inserted on the CE command line.
My Privilege level is 15.
I have the priv-lvl field selected on the Administration log configuration, but I have no information in this log.
Most probably I'm seeing CSCeg90529.
The only difference is that I'm running a 5.2 ACNS image and the first-found-in version for CSCeg90529 is a 5.3 release.
As soon as I have a confirmation I will post it here.
Thanks for your reply.
Regards,
Ricardo