02-02-2008 10:08 PM - edited 03-05-2019 08:54 PM
we are trying to monitor what our network engineers enter as commands when configuring cisco devices. so we think the best solution is to use accounting feature.
when configuring aaa (accounting):
router(config)#aaa accounting commands ?
<0-15> Enable level
we tried with privilege 15, but we only get logged commands entered in # mode: commands in config mode and in interface mode are not logged to taccacs server!
is there a way to resolve this?
02-03-2008 07:43 AM
> is there a way to resolve this?
You need to enable accounting for exec as well.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hsec_r/sec_a1h.htm#wp1155873
HTH,
__
Edison.
02-03-2008 09:27 AM
Configure the following commands to get the accounting details for all the privilege levels
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
The default will apply the config to all lines. If you have a method list defined use it in place of the default
HTH
Narayan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: