enable aaa accounting commands for all privilege levels?

red red
Level 1

Here is the command's syntax:

aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} {start-stop | stop-only | none} [broadcast] group groupname

The "command" accounting type must include the privilege level of the commands you are logging. How do I log ALL commands?

Take the following example:

aaa accounting commands 15 default start-stop group mygroup

If I issue this command, will that mean commands the user executes that have a privilege level lower than 15 will not be logged? Or will only commands that require exactly privilege level 15 be logged?

How can I log all commands regardless of privilege level?

 

Accepted Solution

Kanwaljeet Singh
Cisco Employee

Hi Red,

If you customize the command privilege level using the privilege command, you can limit which commands the appliance accounts for by specifying a minimum privilege level. The security appliance does not account for commands that are below the minimum privilege level.

The default privilege level is 0. So if you don't specify any privilege level then all should be accounted for.

You can find the command detail at the link below. This is for ASA though.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/a1.html#wp1535253

Regards,

Kanwal

Note: Please mark answers if they are helpful.
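
An added example, not part of the original thread and not Cisco code: a Python check that reads `aaa accounting commands` lines in the form quoted in the question and lists the privilege levels that would produce no accounting records. It evaluates two readings, "exact" (a line covers only the level it names, treated here as an assumption) and "minimum" (the behaviour the answer describes for the ASA); the function names and the sample config are constructed for illustration.

```python
import re

# Matches the form quoted in the question:
#   aaa accounting commands <level> {default | list-name} {start-stop | stop-only | none} ...
LINE_RE = re.compile(
    r"^\s*aaa accounting commands (\d+) (\S+) (start-stop|stop-only|none)\b",
    re.MULTILINE,
)

ALL_LEVELS = set(range(16))  # privilege levels 0..15


def configured_levels(config, list_name="default"):
    """Levels named in active command-accounting lines for one method list."""
    levels = set()
    for level, name, mode in LINE_RE.findall(config):
        if name == list_name and mode != "none" and int(level) in ALL_LEVELS:
            levels.add(int(level))
    return levels


def covered_levels(config, list_name="default", model="exact"):
    # "exact":   a line covers only the level it names (the reading the question raises).
    # "minimum": a line covers its level and every higher one (the answer's ASA behaviour).
    named = configured_levels(config, list_name)
    if model == "exact":
        return named
    if model == "minimum":
        return set(range(min(named), 16)) if named else set()
    raise ValueError("model must be 'exact' or 'minimum'")


def missing_levels(config, list_name="default", model="exact"):
    """Sorted privilege levels that would produce no accounting records."""
    return sorted(ALL_LEVELS - covered_levels(config, list_name, model))


# Constructed sample config; "mygroup" is the group name used in the question.
SAMPLE = """\
aaa accounting commands 15 default start-stop group mygroup
aaa accounting commands 1 default none
aaa accounting commands 1 VTY stop-only group mygroup
"""

if __name__ == "__main__":
    for model in ("exact", "minimum"):
        print(model, "-> unlogged levels:", missing_levels(SAMPLE, model=model))
```
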
