For record corresponding to AAA, Cisco Secure keep detail in cs_accounting_log. How about an intrusion, for example, a fail attempt to access the "telnet" prompt of a router with invalid username, password pair ?? Is the source ip address and MAC add...

Why all access record are found in cs_accounting_logbut the table cs_user_accounting contain nothing ????I use the ExecSql came with the Sybase of Cisco Secure 2.3 to do the query.