Accounting on tacacs

Unanswered Question
Jun 16th, 2007

Hi all,

I have enabled tacacs-server on cisco router and accounting is configured, but we noticed configuration done on interface mode is not logged.

The configuration on cisco is attached, let me know your feedback.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mahmoodmkl Sat, 06/16/2007 - 02:59


I think the command should be like this.

aaa accounting commands 15 default start-stop group tacacs+



Mohamed Sobair Sat, 06/16/2007 - 04:00

Hi Mahmood,

I have done it but still its not recording commands issued at the interface level..

commands issued at config/privilege modes are being recorded perfectly..

Any suggestions will be appreciated.



Mohamed Sobair Sat, 06/16/2007 - 11:42

Hi All,

Any one have idea to come out through this issue, it would be appreciated.

Best Regards,

royalblues Sun, 06/17/2007 - 00:08


You need to look at the "Tacacs administration" link on the Cisco acs server for acoounting logs. I do nto know for what reason it does not show in the accounting logs

here is the configuration i used and able to see all the configuration changes under the tacacs administration page


aaa new-model

aaa authentication login ABCD group tacacs+ local

aaa authorization exec ABCD group tacacs+ local

aaa authorization console

aaa authorization config-commands

aaa authorization configuration ABCD group tacacs+ local

aaa authorization commands 10 ABCD group tacacs+ loca

aaa authorization commands 15 ABCD group tacacs+ local

aaa accounting exec ABCD start-stop group tacacs+

aaa accounting commands 1 ABCD start-stop group tacacs+

aaa accounting commands 15 ABCD start-stop group tacacs+



tacacs-server host key XXXXX


line vty 0 15

exec-timeout 5 0

privilege level 15

authorization commands 15 ABCD

authorization commands 1 ABCD

authorization exec ABCD

accounting connection ABCD

accounting commands 1 ABCD

accounting commands 15 ABCD

accounting exec ABCD

login authentication ABCD

HTH,rate if it does


Mohamed Sobair Sun, 06/17/2007 - 01:31

Hi Narayan,

When you applied the same config, Are you able to see accounting logs for interface level?

Now its being able to record all config done at privilige/config modes but only can't log changes dont at interface level!!

Please confirm the above,

I would also like to add that I am configuring a (default) key word instead of ABCD , This shouldnt affect any thing am I right?

Awaiting your feedback.

Best Regads,

royalblues Sun, 06/17/2007 - 02:12

Yes my friend,

I am able to see all the logs under the interface level as well (attached reference logs)

The fact that you use a default group(not key) whereas i use ABCD should not matter.

Try configuring one device according to what i posted and let me know.

HTH, rate if it does


Richard Burts Sun, 06/17/2007 - 04:15


While there are some details of your config that might need clarification or improvement (for example your commands specify group TS but I do not see any definition of a group TS), if you say that some level 15 commands are being logged properly then I assume that the details of the config must be working ok.

I am puzzled about why interface commands are not being written to the accounting records. Your configuration of:

aaa accounting commands 15 default stop-only group TS

is similar to the way that I configure routers. I generally use start-stop where you are using stop-only. I would not expect this to cause the issue that you are seeing but it would be worth trying to see if it is any different if you specify start-stop instead of stop-only.

If that does not make any difference then I wonder if you are encountering a bug in the version of code that you are running. Can you give us the specifics of the code version that you are running? When I configure accounting for level 15 commands I see interface commands in the accounting records, so in general I believe that it works. So it might be worth trying a newer version of code and seeing if the behavior changes.




This Discussion