
No TACACS+ Administration Logging on ACS

mlenco
Level 1

I can get a CSV file created for a TACACS+ Administration log/report [configured in Interface Logging of the ACS] but that log file is empty. Help states that aaa accounting commands start-stop TACACS+ must appear in the access server or router configuration file in order to capture this data, but my ASA 5520 will only allow:

aaa accounting command <server group> or <privilege>.

How do I get this ASA and Windows ACS to collect TACACS+ administration?

Note: My TACACS+ accounting does collect data on users who ssh into the ASA.

3 Replies

pvanvuuren
Level 3

It's quite possible that you might be experiencing a known bug (CSCsg97429) in ACS version 4.1.

Get this Patch: Acs-4.1.1.23.5-SW.zip. It fixes the TACACS+ Administration log/report problem.

You are right in regard to the command. It is needed for your NAS to send accounting information to the ACS.

Here's an example of the commands:

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Hope it helps.

That worked on one ASA, but I also installed a secondary Authentication utility. I have a second ASA with the new patch loaded but no utility. I will look at it Friday am and see if it has entries in the log. If not, I will install the utility. We'll see.

Did it work eventually?