02-02-2008 10:08 PM - edited 03-05-2019 08:54 PM
we are trying to monitor what our network engineers enter as commands when configuring cisco devices. so we think the best solution is to use accounting feature.
when configuring aaa (accounting):
router(config)#aaa accounting commands ?
<0-15> Enable level
we tried with privilege 15, but we only get logged commands entered in # mode: commands in config mode and in interface mode are not logged to taccacs server!
is there a way to resolve this?
02-03-2008 07:43 AM
> is there a way to resolve this?
You need to enable accounting for exec as well.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hsec_r/sec_a1h.htm#wp1155873
HTH,
__
Edison.
02-03-2008 09:27 AM
Configure the following commands to get the accounting details for all the privilege levels
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
The default will apply the config to all lines. If you have a method list defined use it in place of the default
HTH
Narayan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide