10-28-2002 08:43 AM - edited 02-21-2020 10:04 AM
Hi everyone,
Is it possible to log every command issued on routers/switches to an AAA server such as CiscoSecure ACS?
If yes, how?
Cheers,
Attila
10-28-2002 12:41 PM
Sure, just use the "tacacs administration" command along with the apporpriate accounting commands.
-Jeff
10-28-2002 01:00 PM
There is an excellent example of using IOS command authorization and accounting with CiscoSecure ACS for Unix here:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c4.htm#xtocid6
and
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c5.htm#86578
Note this is command accounting for privilege level 15 commands. If you want to account for others, just specify the privilege level.
Hope this helps....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide