username in accounting report

Unanswered Question
Aug 22nd, 2007
User Badges:

Hello, i wonder how could i get accounting of who get in asa n what have he done to asa.


I already input :

aaa accounting command <group>

aaa accounting enable console <group>

aaa accounting telnet console <group>


And i can see who login in tacac+ accounting.

But i can't see who have input command in tacac+ administration. I just see enable_15 as the username.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Thu, 08/23/2007 - 05:02
User Badges:
  • Red, 2250 points or more

Chris,

You need to add this command,


aaa authentication enable console LOCAL


That should fix the issue.



~Regards

~JG

Charles_Chi4 Fri, 08/24/2007 - 00:25
User Badges:

i've tried to add that command, but after that no one can login. I have to block asa connection to ACS so it could revert to local authentication.


Is there any solution?

Premdeep Banga Fri, 08/24/2007 - 04:09
User Badges:
  • Gold, 750 points or more

whenever we do enable authentication, you also need to, on ACS on user accounts , check the appropriate option for "TACACS+ Enable Password"


under "Advanced TACACS+ Settings"


By default its, "Use separate password" which is blank.


So if your user account is local on ACS use "Use CiscoSecure PAP password" or if you are being authenticated from some external database check "Use external database password".....


If you are not able to see the option, the enable it from Interface Configuration > Advanced Option section.


then you'll be able to log into enable mode, and see who made the changes in the logs.


Regards,

Prem

Actions

This Discussion