Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2672
Views
0
Helpful
1
Replies

TACACS+ and syslog server

nathan
Level 1
Level 1

‎05-11-2006 01:14 PM - edited ‎03-10-2019 02:34 PM

Hi,

I was wondering about logging and aaa accounting.

I notice some networks will have a syslog server and a tacacs+ server with aaa accounting. Is it best practices on a security perspective to configure a router to use a syslog server and a tacacs+ server using aaa accounting?

Labels:
0 Helpful
1 Reply 1

darpotter
Level 5
Level 5

‎05-11-2006 01:23 PM

Hi Nathan

As usual its "horses for courses". If you are using a AAA server (such as ACS) to secure access to your routers - then the best practice is to log both session and command accounting to AAA also.

In that way the ACS server will be logging both succesful and failed login/command authorisation attempts AND the session/command accounting.

All this gets logged to standard CSV files for off-line processing in Excel or rather better... something like extraxi aaa-reports!

syslog, on the other hand, is a fire and forget, non standard and somewhat arcane method of logging. Being UDP its "fire and forget" and therefore not as reliable as TACACS+

SOX now effects most large co's and access to network infrastructure (& hence audit of) is becoming vital.

Darran

0 Helpful
Customers Also Viewed These Support Documents