04-25-2012 01:45 PM - edited 03-09-2019 11:49 PM
Is it possible to capture commands entered on a router by another user? What device can I use to monitor my routers everyday and check the logs to see what changes have been made?
04-25-2012 01:47 PM
I am using TACAS and can capture user authentication I just need to capture their changes as well.
04-26-2012 06:37 AM
Hi, You can use the accounting feature of TACACS to capture all the commands that someone elese has entered on a router.
04-26-2012 06:44 AM
Hey Sean, thanks for your respsonse. Can you tell me how to do that? I mean specifics on the server.
04-26-2012 07:01 AM
Hi, If TACACS authentication is working try adding these commands to your router:
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Then check your TACACS server after you have made some config changes.
04-26-2012 07:47 AM
Thank you so much Sean. I just looked up those command they seem like they will work. Can you tell me where I can view this on the ACS server? I am running ACS version 5.2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide