Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
2
Replies

Disable ISE TACACS Logging Feature for a user

Samuel Vuillaume
Cisco Employee
Cisco Employee

‎03-13-2019 06:40 AM

Hi guys,

 

One of my clients is asking if it’s possible for a tacacs user account in ISE to bypass all logging and audit type features ?
Such an account will only authenticate and the password should never be decipherable. 
Any sort of auth logs including accounting and commands run should never be recorded at all. 

Could you let me know if that’s even possible ? To me it sounds this goes against the AAA method.

 

Thank you

Sam

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎03-13-2019 06:50 AM

Hi,
I haven't tried it myself, but how about using Collection Filter to supress all events for the specific user?

HTH
0 Helpful

paul
Level 10
Level 10
In response to Rob Ingram

‎03-13-2019 08:53 AM

Collection filters for TACACS was just added in patch 6.  You can now filter out all logs for given usernames just like you are able to do for RADIUS.  Basically the same collection filters now apply to both.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents