Core issue
This issue occurs due the presence of Cisco bug ID CSCsg97429.
In this issue, TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23. After you enter the commands on the NAS, no accounting records are seen in the TACACS+ Administration log file. Debugs on the NAS show the records as sent, and they do arrive at the ACS server, but the appropriate log file is not updated.
With ACS logging set to Full, under System Configuration > Service Control, the log file of the CSLog service shows these entries each time a command is entered on the NAS:
12/06/2006 14:22:52 U 5111 2608 Handling message at 0x010A7FF8 (339 bytes)
12/06/2006 14:22:52 A 0000 0960 Logger CSV TACACS+ Accounting: filter denies logging
Resolution
In order to resolve this issue, download and install the ACS 4.1.1.23.4 accumulative patch at Cisco Downloads.
Complete these steps in order to install the patch on ACS appliance"
- Stop CSAgent from CLI.
- Reboot the appliance.
- Issue the download command plus the IP address of the machine from the bat file that you run from the CLI of appliance, for example the download 198.133.219.25 command.
- You should be asked to proceed, and choose Yes.
- Then issue the upgrade command .
- Once the upgrade is successfull,start CSAgent.
In order to install the patch on distribution server, complete these steps:
- Extract the applAcs-4.1.1.23.4.zip.
- Run autorun.bat.
Refer to the About Appliance Upgrades and Patches section of System Configuration: Basic for more information.