09-28-2006 07:09 PM - edited 03-10-2019 02:46 PM
Using ACS and tacacs+ can I record the keystrokes users type when they enter commands on a device such as a router or switch?
09-29-2006 12:56 AM
Yes, you can record whatever commands a user has run on the Cisco IOS box. For this you first need to configure command authorization on the IOS device along with accounting. Below are the commands that you need.
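! Enable AAA and authenticate logins against TACACS+, falling back to local users
aaa new-model
aaa authentication login default group tacacs+ local
! Authorize the exec shell and every command at privilege levels 0, 1 and 15
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
! Send an accounting record to TACACS+ for each command at those levels
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
! <shared-secret> is a placeholder for the key configured for this device in ACS
tacacs-server host x.x.x.x key <shared-secret>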
We also need to configure command authorization on the ACS server using the link below (note: this link shows a sample configuration of ACS using PIX, but you can configure the IOS devices similarly).
Once we have configured the ACS and the IOS devices, you can check the commands run by users in ACS by going to Reports & Activities > Tacacs admin logs.
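As an added example (not part of the original answer), the following Python check reads a saved IOS configuration and reports privilege levels whose commands would not reach the TACACS+ accounting log. The function name `audit_command_logging` and the sample configuration are constructed for illustration, and the check assumes the built-in `tacacs+` server group is used rather than a named group.

```python
import re

# Constructed sample running-config fragment (not from the original post):
# levels 0 and 1 have no accounting line, so their commands go unlogged.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
"""

LINE_RE = re.compile(
    r"^aaa (authorization|accounting) commands (\d+) (\S+) (.+)$")

def audit_command_logging(config, levels=(0, 1, 15)):
    """Return findings, ordered by level, for per-level command accounting."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing; AAA commands are inactive")
    seen = {"authorization": {}, "accounting": {}}
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            kind, level, _list_name, methods = m.groups()
            seen[kind][int(level)] = methods.split()
    for level in levels:
        acct = seen["accounting"].get(level)
        if acct is None:
            findings.append(f"level {level}: no command accounting configured")
            continue
        # IOS expects a record type (start-stop or stop-only) before the methods
        if acct[0] not in ("start-stop", "stop-only"):
            findings.append(f"level {level}: accounting lacks a record type")
        # Assumption: records should go to the built-in tacacs+ group
        if "tacacs+" not in acct:
            findings.append(f"level {level}: accounting does not use group tacacs+")
        if level not in seen["authorization"]:
            findings.append(f"level {level}: accounted but not authorized")
    return findings

if __name__ == "__main__":
    for finding in audit_command_logging(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of `show running-config` saved to a file; an empty result means every listed privilege level has both command authorization and accounting pointed at TACACS+.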