No Accounting logs

Nick O · ‎08-03-2023

I have a 2960X switch tied to ISE that is not reporting logs on the Tacacs accounting reports. I have removed an readded device on ISE and redone the config on the switch for it. I need this for production. ISE version is 3.2.

Flavio Miranda · ‎08-03-2023

Hi @Nick O

Can you share the switch config?

Nick O · ‎08-03-2023

yes I can

aaa authentication login VTY group ise-servers local
aaa authentication enable default group ise-servers enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec VTY group ise-servers local
aaa accounting exec default start-stop group ise-servers
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 7 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting system default start-stop group ise-servers

Flavio Miranda · ‎08-03-2023

Instead tacacs+ try to use the group name.

aaa accounting commands 0 default start-stop group ise-servers
aaa accounting commands 1 default stop-only group ise-servers
aaa accounting commands 7 default stop-only group ise-servers
aaa accounting commands 15 default stop-only group ise-servers

Nick O · ‎08-03-2023

That solved the issue now the logs are reporting. But the TACACS live logs are not reporting at all. Any solve for that.

Flavio Miranda · ‎08-03-2023

You mean on the ISE live logs you do not see any logs?

Nick O · ‎08-03-2023

yes the live logs are not visible. Logs that are can be accessed through Device Admin>Reports>device admin reports

Usually they are accessible through the live logs. Before going through a deeper dive.

Flavio Miranda · ‎08-03-2023

Well, ISE is not something I am well versed but you may take a look on this link

https://www.wiresandwi.fi/blog/cisco-ise-fresh-ise-31-queue-link-errors-empty-live-logs