Tracking the executed commands

Unanswered Question
Jul 13th, 2007
User Badges:

We are using Microsoft IAS Radius server for authentication to a large number of Cisco routers in our organization. Is it possible to log the commands that are entered on routers (Whether console or telnet session) for audit purposes? If so, is there a document on how to do implement it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
parmsing Fri, 07/13/2007 - 09:28
User Badges:


That is very much possible but I am not sure if IAS logging supports it. Here are the commands we need to configure on IOS devcie.

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+/Radius

aaa accounting commands 1 default start-stop group tacacs+/Radius

aaa accounting commands 15 default start-stop group tacacs+/Radius



Premdeep Banga Fri, 07/13/2007 - 09:31
User Badges:
  • Gold, 750 points or more

Unfortunately its not possible using IAS, as it only supports Radius protocol.

And you are looking for is covered under TACACS+ protocol (Cisco ACS)



parmsing Fri, 07/13/2007 - 11:28
User Badges:


My apologies for the incorrect information, I recreated this issue and Prem is correct, we cannot configure radius accounting for the commands. Tacacs is the only option available for the command accounting.



Richard Burts Sat, 07/14/2007 - 09:31
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


This is a very neat feature that I was not aware of. I believe it deserves the 5 rating that I gave it.



royalblues Sat, 07/14/2007 - 11:10
User Badges:
  • Green, 3000 points or more

Indeed a very good feature.

rated :-)


nspasov Wed, 07/10/2013 - 16:13
User Badges:
  • Cisco Employee,
  • Cisco Designated VIP,

    2017 AAA, Identity and NAC Security

The link no longer seems to be valid. What is the neat/good feature that you guys are talking about ??


This Discussion