09-10-2002 10:06 AM - edited 02-21-2020 10:03 AM
Hi,
I have tested AAA accounting with a router / ACS (CSNT) and can't configure them to register each command executed by the user logged inthe console.
I used these commands:
aaa new-model
aaa authentication login default group tacacs+ line
aaa accounting exec AuditConsole start-stop group tacacs+
The only registers I can see at the ACS are start and stop, bytes transfered etc references.
To record each command executed, for audit purpose, do I have to use "aaa accounting commands [level] default start-stop group tacacs+" and specify the commands for a specific level before?
Record user activity by AAA is the better way to do this or I can make this efficiently using Syslog?
Tks,
09-11-2002 08:41 PM
you need command accounting to do this. you will need one "aaa accounting" command for each privilege level you wish to monitor. you do not need start-stop for command accounting, stop only records will log all activity.
this cant be done with syslog.
09-12-2002 04:43 AM
Thank you for your answer.
You wrote: ". you will need one "aaa accounting" command for each privilege level "
This mean that I have to use the command "privilege exec 'level' 'command'" before to specify all commands I want audit or that is a "default"privilege for the commands?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide