07-11-2007 02:01 AM - edited 03-05-2019 05:13 PM
Hi,
I am having a problem getting the aaa accounting command to actually send any information to my two ACS 4.1 servers. The servers are showing logs for TACACS accounting but not TACACS administration, so I am unable to see what commands my technicians are performing on the device.
Any thoughts?
Miron
07-11-2007 02:29 AM
Hi
Have you enabled accounting for all the commands? Can you paste the AAA config?
I think the command should be like this:
aaa accounting commands 0 15 default start-stop group tacacs+
Thanks
Mahmood
07-11-2007 04:23 AM
Mahmood,
These are the commands I currently have and they worked in the past. These are the same commands as on my 3750, 4500, 6500 etc.
The Group AccountingTAC is defined with two servers, which are doing the authentication successfully.
aaa accounting exec default start-stop group AccountingTAC
aaa accounting commands 0 default start-stop group AccountingTAC
aaa accounting commands 1 default start-stop group AccountingTAC
aaa accounting commands 2 default start-stop group AccountingTAC
aaa accounting commands 3 default start-stop group AccountingTAC
aaa accounting commands 4 default start-stop group AccountingTAC
aaa accounting commands 5 default start-stop group AccountingTAC
aaa accounting commands 6 default start-stop group AccountingTAC
aaa accounting commands 7 default start-stop group AccountingTAC
aaa accounting commands 8 default start-stop group AccountingTAC
aaa accounting commands 9 default start-stop group AccountingTAC
aaa accounting commands 10 default start-stop group AccountingTAC
aaa accounting commands 11 default start-stop group AccountingTAC
aaa accounting commands 12 default start-stop group AccountingTAC
aaa accounting commands 13 default start-stop group AccountingTAC
aaa accounting commands 14 default start-stop group AccountingTAC
aaa accounting commands 15 default start-stop group AccountingTAC
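Added example, not from the original thread: a small Python check that a saved IOS running-config sends command accounting for every privilege level 0-15 (and exec accounting) to a defined TACACS+ server group, which helps confirm the device-side configuration before looking at the ACS server. It only parses the `default` method list; the function name, the group definition line and the server addresses in the sample are assumptions for illustration.

```python
import re

# Matches lines like: aaa accounting commands 15 default start-stop group AccountingTAC
CMD_RE = re.compile(r"^aaa accounting commands (\d+) default (\S+) group (\S+)\s*$")
EXEC_RE = re.compile(r"^aaa accounting exec default (\S+) group (\S+)\s*$")
GROUP_RE = re.compile(r"^aaa group server tacacs\+ (\S+)\s*$")


def audit_accounting(config_text):
    """Return a list of findings; an empty list means every privilege
    level 0-15 has command accounting sent to a usable TACACS+ group."""
    levels = {}           # privilege level -> server group name
    defined = set()       # groups declared with 'aaa group server tacacs+'
    exec_group = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := CMD_RE.match(line):
            levels[int(m.group(1))] = m.group(3)
        elif m := EXEC_RE.match(line):
            exec_group = m.group(2)
        elif m := GROUP_RE.match(line):
            defined.add(m.group(1))

    findings = []
    missing = [lvl for lvl in range(16) if lvl not in levels]
    if missing:
        findings.append(f"no command accounting for privilege levels {missing}")
    if exec_group is None:
        findings.append("no exec accounting configured")
    used = set(levels.values()) | ({exec_group} if exec_group else set())
    for group in sorted(used):
        # 'tacacs+' is the built-in group of all configured TACACS+ servers
        if group != "tacacs+" and group not in defined:
            findings.append(f"server group {group} is referenced but not defined")
    return findings


# Constructed sample: the accounting lines from the post above plus an
# assumed group definition (server addresses are documentation placeholders).
SAMPLE = "aaa group server tacacs+ AccountingTAC\n server 192.0.2.10\n server 192.0.2.11\n"
SAMPLE += "aaa accounting exec default start-stop group AccountingTAC\n"
SAMPLE += "".join(
    f"aaa accounting commands {n} default start-stop group AccountingTAC\n"
    for n in range(16)
)

if __name__ == "__main__":
    print(audit_accounting(SAMPLE) or "command accounting covers levels 0-15")
```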
07-12-2007 09:27 AM
Miron
Would I be correct in assuming that you were running on an older version of ACS, the accounting/administration logs worked, and then you upgraded to 4.1 and the administration logs stopped working? We ran into that situation at a customer site and discovered that it is a problem in the 4.1 version and that Cisco has a patch for this issue. We installed the patch and the administration reports are now working fine.
HTH
Rick
07-12-2007 09:40 AM
Hi, Rick is right.
This is a known issue; you need to apply patch ACS 4.1.1.23.5 to fix the issue.
Patch for appliance is available on
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des
Patch name : ACS SE 4.1.1.23.5 accumulative patch
Patch for ACS Windows is available on
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
Patch Name : ACS 4.1.1.23.5 accumulative patch
HTH, rate if it does
Narayan
07-12-2007 11:52 AM
Hi Miron,
This is a known issue with ACS running on 4.1.23 that it will not log TACACS admin logs. You need to apply a patch for this.
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K15512731
Hope that helps !
Regards,
~JG
07-12-2007 01:22 PM
Thanks for your help, everyone. I applied the patch; however, now my services will not start on the engine. Out of the pan into the fire :-D. I tried to do a rollback command and restart the servers, but that still does not start them.
07-13-2007 05:15 AM
Hi,
I would suggest you reimage the appliance using the recovery CD that you received with the appliance and apply the patch again.
Regards,
07-13-2007 05:20 AM
Hi,
I did that this morning, except I haven't applied the patches to the two servers.
Will apply the patch on the backup, and see if it fails again.
Miron
12-22-2010 08:01 AM
Hi
I too applied the patch and faced the same issue.
Had to restore the ACS backup.
And the problem still persists.
Can't see administration logs.
Any suggestions?