05-20-2008 09:18 AM - edited 03-03-2019 10:01 PM
Hello everyone, I want to know everything about the remote session in my routers and switches so I want to know if there is a way to send to my syslog server the following information:
1- The end of session or logout with the username, (Currently I know the log-on info with archive command)
2- The amount of information transmited and received during the session.
3- Interface the user used to logon to the router or switch.
Thanks in advanced.
Solved! Go to Solution.
05-22-2008 02:47 AM
You need to use accounting in addition to authentication with your ACS
http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scradius.html#wp20745
Narayan
05-20-2008 09:39 AM
With a AAA server such as Cisco ACS, you can achieve 1 & 3. I'm not sure I understand #2, are you looking for the commands entered (which ACS can do) or the amount of data transfered over the TTY line? All of this data can be forwarded to your syslog server or viewed directly in ACS.
Hope that helps.
05-21-2008 02:28 PM
Thanks for your answer, cuould you please tell me the right IOS commands to get this info or any configuration cue in ACS to get that?
I have the ACS 4.1 and I have these IOS commands just for authentication:
aaa authentication login XXXX group radius
aaa authentication login XXXX local-case
aaa authentication enable default group radius enable
The fields in the ACS Passed Authentication reports are:
Date Time User-Name Message-Type Group-Name Caller-ID NAS-Port NAS-IP-Address Network Access Profile Name Shared RAC Downloadable ACL System-Posture-Token Application-Posture-Token Reason EAP Type EAP Type Name PEAP/EAP-FAST-Clear-Name Access Device Network Device Group
And if you see I do not received what I want juest the the log-on info.
on other hand I have the syslog server which received everthing I type and other information from this IOS commands.
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
logging trap notifications
logging source-interface Vlan117
logging 10.32.0.132
However these neither give what I'm looking for. With regards your question is the amount of data transfered over the TTY line.
Thank you.
05-22-2008 02:47 AM
You need to use accounting in addition to authentication with your ACS
http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scradius.html#wp20745
Narayan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: