07-21-2006 01:14 PM - edited 02-21-2020 10:16 AM
Hi guys,
What command can I use to turn on command accounting in PIX, like it is possible in the IOS?
I need every command typed to be logged on the ACS server.
07-21-2006 01:49 PM
Command accounting can be configured ONLY in PIX v7.x. Also, it looks like only non-show commands will be sent.
Per the command reference
To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode.
aaa accounting command
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/a1_711.htm#wp1428200
For version 6.x,
Authentication and Command Authorization for PIX 6.2
http://www.cisco.com/warp/public/110/pix_command.shtml#accounting
There is no actual command accounting available, but by having syslog activated on the PIX, you can see what actions were performed, as shown in this example:
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
611103: User logged out: Uname: pixtest
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
502103: User priv level changed: Uname: pixtest From: 1 To: 15
111008: User 'pixtest' executed the 'enable' command.
111007: Begin configuration: 172.18.124.111 reading from terminal
111008: User 'pixtest' executed the 'configure t' command.
111008: User 'pixtest' executed the 'write t' command.
Hope this helps! If so, please rate.
Thanks
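Added example, not part of the original post or of Cisco's documentation: Python that turns the PIX 6.x syslog lines quoted above into a per-command audit trail, tying each 111008 record to the user's current privilege level and Telnet source address. The function name, the regexes, and the rule that a 307002 source address belongs to the next 111006 login are assumptions of this example.

```python
import re

# Constructed sample: the PIX 6.x syslog lines quoted in the answer above.
SAMPLE = """\
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
611103: User logged out: Uname: pixtest
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
502103: User priv level changed: Uname: pixtest From: 1 To: 15
111008: User 'pixtest' executed the 'enable' command.
111007: Begin configuration: 172.18.124.111 reading from terminal
111008: User 'pixtest' executed the 'configure t' command.
111008: User 'pixtest' executed the 'write t' command."""

# Regexes are this example's assumptions, written against the sample lines only.
PATTERNS = {
    "307002": re.compile(r"Permitted Telnet login session from (?P<src>\S+)"),
    "111006": re.compile(r"Console Login from (?P<user>\S+) at"),
    "502103": re.compile(r"Uname: (?P<user>\S+) From: \d+ To: (?P<new>\d+)"),
    "111008": re.compile(r"User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command\.$"),
    "611103": re.compile(r"User logged out: Uname: (?P<user>\S+)"),
}

def command_trail(lines):
    """Return (user, command, priv level, source) for every 111008 line."""
    pending_src, sessions, trail = None, {}, []
    for line in lines:
        # Find the 6-digit message ID even when a syslog header precedes it.
        head = re.search(r"(\d{6}): (.*)", line.strip())
        pat = PATTERNS.get(head[1]) if head else None
        m = pat.search(head[2]) if pat else None
        if not m:
            continue  # untracked message ID, such as 111007
        if head[1] == "307002":
            pending_src = m["src"]  # heuristic: belongs to the next login
            continue
        s = sessions.setdefault(m["user"], {"src": None, "priv": None})
        if head[1] == "111006":  # new login: bind source, reset privilege
            s["src"], s["priv"], pending_src = pending_src, None, None
        elif head[1] == "502103":
            s["priv"] = int(m["new"])
        elif head[1] == "611103":
            del sessions[m["user"]]
        else:  # 111008: the command record itself
            trail.append((m["user"], m["cmd"], s["priv"], s["src"]))
    return trail

if __name__ == "__main__":
    print(*command_trail(SAMPLE.splitlines()), sep="\n")
```

A record whose privilege level or source is `None` means the command was seen without a matching login in the input, which is worth checking for gaps in log collection.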
07-22-2006 03:49 AM
Hi,
You were very helpful with that response.
THANKS!!!!!!