How do I Use Cisco ACS to log Shell Commands

tereubencisco
Level 1

Hi Guys, please, how can I set up Cisco ACS to do Command Authorisation on my Cisco 3660 Router? I get logs for Accounting and Authentication but no logs that show the shell commands issued by users - and this is the most important log I need. I have read materials and downloaded articles from the Cisco website... but the thing is still not giving me the logs.

I have these lines on my Router already:

...
aaa authorization config-commands
aaa authorization exec default group tacacs+
aaa authorization commands 15 default if-authenticated
aaa authorization network default group tacacs+
...

Funny, when I enable AAA Authorization debugging on the Router, it shows me each command being sent by the user in the Debug Log. But nothing shows under TACACS+ Administration on the Cisco Secure ACS. What's responsible for this?

*****************************************************

I have installed the 90-Day trial version of the Cisco ACS and done all necessary setups and I must say I like what I see already. I am initiating moves towards recommending the product for purchase. Thanks guys, I got to know about the functionality of this ACS Software via this forum, keep up the good job. I recommend the software for all those that need to have Security Audit logs suitable for Management Reports.

1 Accepted Solution

Richard Burts
Hall of Fame

If I understand what you are asking correctly, the answer is not in authorization; it is in accounting. I have this configured on my routers and it sends to ACS the commands that privilege level 15 users enter on the router.

aaa accounting commands 15 default start-stop group tacacs+

HTH

Rick

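For readers who want to see the accepted answer in context, here is a complete AAA/TACACS+ configuration for an IOS router such as the 3660 in the question. This is an added example, not a configuration posted by anyone in this thread; the ACS address (192.0.2.10), the shared key, the source interface and the local fallback account are assumed placeholder values. It also shows why the original configuration produced nothing on ACS: the `if-authenticated` authorization method approves commands on the router itself, and only the accounting lines generate the per-command records that appear under TACACS+ Administration.

```cisco
! Added example (not from the original thread): full AAA stack for command
! logging to Cisco Secure ACS over TACACS+. Assumed values: ACS server
! 192.0.2.10, shared key SECRET-KEY-PLACEHOLDER, source interface
! FastEthernet0/0, local fallback user "admin".
aaa new-model
!
tacacs-server host 192.0.2.10 key SECRET-KEY-PLACEHOLDER
ip tacacs source-interface FastEthernet0/0
!
! Authentication: ask ACS first; fall back to the local database only when
! ACS is unreachable, so a dead server does not lock administrators out.
username admin privilege 15 secret LOCAL-FALLBACK-PASSWORD-PLACEHOLDER
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: send exec and command requests to ACS. The original
! "aaa authorization commands 15 default if-authenticated" approves every
! command locally once the user is logged in, so ACS never sees them.
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting: these lines produce the per-session and per-command records
! that show up under TACACS+ Administration on ACS. Level 15 covers
! configuration commands; level 1 also captures ordinary "show" commands.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Method lists named "default" apply to all lines (console and vty)
! automatically, so no per-line "accounting commands" statements are needed.
```

Two checks are worth doing after applying this. First, ACS only records what it accepts: the router must be defined as an AAA client in ACS with the same shared key and the same source address the router sends from, which is why `ip tacacs source-interface` is pinned above. Second, `debug tacacs` on the router shows the accounting START/STOP packets leaving for the server; if those appear but nothing reaches the ACS report, the problem is on the ACS side (client definition or key), not in the router's AAA lists.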

5 Replies


Whoa, thanks a lot; this sure did solve the problem. It worked like magic.

osamoz
Level 1

Nice post

After one week of reading I can't understand the purpose of using AAA. Really, now I'm in a bad mood from that. So can any nice guy discuss this for me and give me an example for that, please, if he can? And thanks a lot in advance.

Hi Osamoz,

In the best way I understand it, AAA is Authentication, Authorization and Accounting. The purpose? It helps you know and monitor everything that goes on on your Network Devices (Switches and Routers): user logons, what time they logged on and what time they logged off, what configuration (shell) commands were issued by each user during their logon, etc.

If you work in my kind of work environment, you will need to implement AAA. I have dial-up users dialing in all the time; I need to log whenever they access the network and the usernames that logged on. I have other junior-level staff that I train to administer the Routers and Switches; I need to know what each person does when they log on and the changes they made during their session, so that I can easily know what caused a problem at any time and also know exactly what to do to reverse what anyone might have done.

The AAA Server keeps every piece of info in great detail, even every command keystroke entered by the logged-on user.

Hope this helps in explaining the purpose of an AAA Server - though in layman's, everyday, not-too-technical language.

Hi tereubencisco,

Thanks a lot for this explanation. Actually, I'm someone who loves and is interested in making that work and monitoring the router. I work with a provider, but the question is:

Let me ask you, please: how can I use AAA to monitor a router and know, let's say, the last 50 commands issued on some router?

And thanks in advance for this information.