10-08-2019 11:00 AM
I want to keep track of the change in ACL in ASA by using TACACS+ accounting, by determining the user, command, time,...
I have the following commands in ASA:
aaa-server ********* protocol tacacs+
aaa-server ********* (inside) host x.x.x.x
aaa-server ********* (inside) host y.y.y.y
aaa-server ********* (inside) host z.z.z.z
aaa-server ********* (inside) host f.f.f.f
aaa authentication enable console ********* LOCAL
aaa authentication ssh console ********* LOCAL
aaa authentication http console ********* LOCAL
aaa authorization command *********
aaa accounting ssh console *********
What configuration should I add in ASA and ACS to enable this feature?
10-08-2019 01:56 PM
aaa authorization command *********
aaa accounting ssh console *********
These commands enable command and user accounting. Though I might suggest adding aaa accounting serial ******** in case anyone connects to the console port and makes changes.
10-15-2019 11:47 PM
Can you tell me which is better to use, ACL log or TACACS accounting, to keep track of changes?
10-15-2019 11:51 PM
For changes I would suggest TACACS accounting.
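Added example, not part of the thread or of any Cisco tooling: one way to pull ACL changes (user, command, time) out of TACACS+ command-accounting records once the ASA is sending them. The tab-separated record layout, device name, users and addresses are constructed assumptions; the export format of ACS or another TACACS+ server differs, so the field parsing has to be adapted.

```python
import re
from datetime import datetime

# Constructed sample (not from the thread). Assumed layout, tab-separated:
# timestamp, device, user, source address, then TACACS+ attribute=value pairs.
SAMPLE = "\n".join("\t".join(r) for r in [
    ("2019-10-08 11:02:13", "asa-fw01", "alice", "192.0.2.10", "service=shell",
     "priv-lvl=15", "cmd=show running-config access-list"),
    ("2019-10-08 11:03:40", "asa-fw01", "alice", "192.0.2.10", "service=shell",
     "priv-lvl=15", "cmd=access-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq 443"),
    ("2019-10-08 11:05:02", "asa-fw01", "bob", "192.0.2.11", "service=shell",
     "priv-lvl=15", "cmd=no access-list OUTSIDE_IN extended deny ip any any <cr>"),
    ("2019-10-08 11:06:19", "asa-fw01", "bob", "192.0.2.11", "service=shell",
     "priv-lvl=15", "cmd=access-group OUTSIDE_IN in interface outside"),
    ("2019-10-08 11:07:00", "asa-fw01", "bob", "192.0.2.11", "service=shell",
     "priv-lvl=15", "cmd=write memory"),
    ("garbage line without the expected fields",),
])

# Commands that change ACL content or where an ACL is applied; "show" never matches.
ACL_CHANGE = re.compile(
    r"^(?:no\s+)?access-(?:list|group)\b|^clear\s+configure\s+access-(?:list|group)\b",
    re.IGNORECASE)

def acl_changes(text):
    """Return one dict per accounting record whose command modifies an ACL."""
    events = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 5:
            continue  # malformed or truncated record
        ts, device, user, source = fields[:4]
        avs = dict(f.split("=", 1) for f in fields[4:] if "=" in f)
        # Some servers log a trailing "<cr>" marker after the command text.
        cmd = re.sub(r"\s*<cr>$", "", avs.get("cmd", "").strip())
        if avs.get("service") != "shell" or not ACL_CHANGE.search(cmd):
            continue
        try:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp, skip rather than guess
        action = "remove" if cmd.lower().startswith(("no ", "clear ")) else "set"
        events.append({"time": when, "device": device, "user": user,
                       "source": source, "action": action, "cmd": cmd})
    return events

if __name__ == "__main__":
    for e in acl_changes(SAMPLE):
        print(e["time"].isoformat(), e["device"], e["user"], e["action"], e["cmd"])
```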