
unable to achieve accounting for commands...

linnea.wren
Level 1

Hi,

I have tacacs+ set up on ACS 3.3.

I have a few boxes authenticating in tacacs - a PIX (6.3(5)), a 3745 (IOS 12.3(9)), and 3 6509s (CatOS 7.6(7)).

I've managed to get accounting records in ACS for logins to the 3745 & a 6509.

But I can't seem to get accounting records for command usage.

I thought it would go like this:

In the 3745, sh run has this:

aaa authentication login default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting resource default start-stop group tacacs+

aaa session-id common

I thought either "resource" or "exec" or "commands" or a combination of those would cause logging of actual commands, such as "enable", "config t", etc...

I've been reading mans (Cisco IOS Security Config Guide, Configuring Accounting, Configuring TACACS+, Configuring Authentication chapters), but can't figure out what's wrong, and the boss wanted this done last week...

Can anyone point me in the right direction?

Linnea

2 Replies

Richard Burts
Hall of Fame

Linnea

I have configured aaa accounting on a number of routers and it works ok. Many of the routers I have configured are configured with the same command that you have used:

aaa accounting commands 15 default start-stop group tacacs+

It works for these routers. It generates an accounting record for each privilege level 15 command that someone enters on the router. The accounting records are viewed in the tacacs administration reports on our server.

Are you saying that a user logs in on the 3745, is authenticated by the tacacs server, goes into enable mode, enters some commands, and that the enable commands are not reflected in the reports on the server?

For the purposes that you are talking about here I do not think that you need the accounting configuration for network or resource. Are they in the configuration for other reasons or were they just put in for the attempt to record sessions and commands?

HTH

Rick


d-garnett
Level 3

You may need the following command:

(config)#tacacs-server administration
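
An added example, not part of any reply in this thread: a small Python audit that reads the "aaa accounting" lines from a saved running-config and reports which privilege levels have command accounting and whether "tacacs-server administration" is present. The sample config is constructed from the lines quoted in the thread; the function name and the default wanted_levels are assumptions of this example.

```python
import re

# Constructed sample: the AAA lines quoted in the original post,
# plus the command suggested in the last reply.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting resource default start-stop group tacacs+
aaa session-id common
tacacs-server administration
"""

# aaa accounting <kind> [<level>] <list-name> <record-mode> [<methods>]
ACCT_RE = re.compile(
    r"^aaa accounting (?P<kind>exec|network|resource|commands)"
    r"(?: (?P<level>\d+))? (?P<list>\S+) (?P<mode>\S+)(?: (?P<methods>.*))?$"
)


def audit_accounting(config_text, wanted_levels=(1, 15)):
    """Summarise the accounting coverage found in an IOS config.

    wanted_levels is an assumption of this example: the privilege levels
    whose commands the auditor expects to see in the TACACS+ reports.
    """
    kinds, levels, admin = set(), {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "tacacs-server administration":
            admin = True
            continue
        m = ACCT_RE.match(line)
        if not m:
            continue
        kinds.add(m["kind"])
        if m["kind"] == "commands" and m["level"] is not None:
            # Command accounting is configured per privilege level.
            levels[int(m["level"])] = (m["list"], m["mode"], m["methods"])
    return {
        "kinds": sorted(kinds),
        "command_levels": levels,
        "missing_levels": [lv for lv in wanted_levels if lv not in levels],
        "tacacs_administration": admin,
    }
```

With the configuration posted in the thread, only level 15 appears in command_levels; commands at any other privilege level need their own "aaa accounting commands <level>" line to be recorded.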