AAA accounting issue

Jan 3rd, 2008

Hi Sir,


I have the following AAA accounting commands on an IOS device:


aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+


On the ACS server, I checked the TACACS+ Accounting logs. Under the "cmd-arg" column, I don't see any of the commands that the user typed on the IOS device being logged.


What am I missing? Please advise.



Thank you.


B.Rgds,

Lim TS


Premdeep Banga Fri, 01/04/2008 - 06:29

You need to check the TACACS+ Administration logs, not the Accounting logs.


And if you have ACS version 4.1(1) Build 23, then you need to patch that version to overcome a known issue regarding Command Accounting on ACS.


http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

- Acs-4.1.1.23.5-SW.zip

- Acs-4.1.1.23.5-Readme.txt


Regards,

Prem

limtohsoon Fri, 01/04/2008 - 07:07

Hi Prem,


I forgot to mention it is an ACS Solution Engine version 4.1(1) Build 23.


I found one patch, which is acs_hotfix_kb828028.zip.


Is this the only patch I need to apply on the ACS SE? I'm not very familiar because this is my first deployment of ACS SE.


What about my AAA accounting commands on the IOS devices? Are they correct?


Please advise further.



Thank you.


B.Rgds,

Lim TS


cisco24x7 Fri, 01/04/2008 - 08:16

I would use the following:


aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa accounting resource default start-stop group tacacs+



CCIE Security
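
As an added example (not part of any post in this thread): a Python check that reads IOS configuration text and reports which privilege levels have `aaa accounting commands` on the default method list, compared against levels 0, 1 and 15 from the reply above. The function name, constants and sample inputs are constructed for illustration, and it assumes no commands were moved to other privilege levels.

```python
import re

# "aaa accounting commands <level> <list-name> <record-type and methods>"
CMD_ACCT = re.compile(r"^aaa\s+accounting\s+commands\s+(\d+)\s+(\S+)\s+(.+)$")

# Levels configured in the reply above (assumption: commands were not moved
# to other privilege levels with the "privilege" command).
EXPECTED_LEVELS = (0, 1, 15)


def audit_command_accounting(config_text, expected=EXPECTED_LEVELS):
    """Return (covered, missing, notes) for command accounting in an IOS config."""
    covered, notes = set(), []
    for raw in config_text.splitlines():
        m = CMD_ACCT.match(raw.strip())
        if not m:
            continue  # comments, "no ..." forms and unrelated lines are ignored
        level, list_name, rest = int(m.group(1)), m.group(2), m.group(3).split()
        if not 0 <= level <= 15:
            notes.append(f"level {level}: outside the 0-15 range")
        elif rest[0] == "none":
            notes.append(f"level {level}: accounting disabled with 'none'")
        elif list_name != "default":
            # A named list only takes effect on lines that reference it.
            notes.append(f"level {level}: named list '{list_name}' not counted")
        else:
            covered.add(level)
    missing = [lvl for lvl in expected if lvl not in covered]
    return sorted(covered), missing, notes


# Constructed inputs: the lines quoted in the question, then the same lines
# with the reply's level 0 and level 1 command-accounting lines added.
QUESTION_CONFIG = """\
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
"""
REPLY_CONFIG = QUESTION_CONFIG + """\
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
"""

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("reply", REPLY_CONFIG)):
        covered, missing, notes = audit_command_accounting(cfg)
        print(f"{name}: covered={covered} missing={missing} notes={notes}")
```
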
