Which aaa accounting command would capture all commands that are typed by an authenticated administrator on a Cisco Switch or router?
I have configured the following, but am not getting any output:
aaa accounting commands 0 default start-stop group tacacs+
I am logging the output to a Cisco ACS server which is running TACACS+.
You need to have a separate aaa accounting command for each privilege level for which you want to log commands. So for user level commands you would use:
aaa accounting commands 1 default start-stop group tacacs+
and for privilege mode commands use:
aaa accounting commands 15 default start-stop group tacacs+
As you have discovered, logging commands at privilege level 0 is not particularly effective. If you have configured other privilege levels on your router, then you would need additional accounting commands for each of those levels.
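To check a saved configuration for the gap described in the answer, the following added example (not part of the original thread) lists every privilege level in use that has no matching aaa accounting commands line. The function name, the sample configuration and the choice to treat levels 1 and 15 as always in use are assumptions made for this example.

```python
import re

# Levels the answer names explicitly: user EXEC (1) and privileged EXEC (15).
BASELINE_LEVELS = {1, 15}

# Lines that put a custom privilege level into use on the device.
LEVEL_IN_USE = [
    re.compile(r"^privilege\s+\S+\s+(?:all\s+)?level\s+(\d+)\s"),  # privilege exec level 7 show ...
    re.compile(r"^username\s+\S+\s+privilege\s+(\d+)\b"),          # username ops privilege 7 ...
    re.compile(r"^privilege\s+level\s+(\d+)\b"),                   # under line vty / line con
    re.compile(r"^enable\s+(?:secret|password)\s+level\s+(\d+)\b"),
]
ACCOUNTING = re.compile(r"^aaa\s+accounting\s+commands\s+(\d+)\s+\S+\s+(\S+)")


def audit_command_accounting(config_text):
    """Return (levels_in_use, levels_accounted, levels_missing) as sorted lists."""
    in_use = set(BASELINE_LEVELS)
    accounted = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACCOUNTING.match(line)
        if m:
            # "none" switches accounting off for that level, so it does not count.
            if m.group(2) != "none":
                accounted.add(int(m.group(1)))
            continue
        for pattern in LEVEL_IN_USE:
            m = pattern.match(line)
            if m:
                in_use.add(int(m.group(1)))
                break
    return sorted(in_use), sorted(accounted), sorted(in_use - accounted)


# Constructed sample config: only level 0 is accounted, as in the question.
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting commands 0 default start-stop group tacacs+
username ops privilege 7 secret 0 constructed-placeholder
privilege exec level 7 show running-config
line vty 0 4
 privilege level 15
"""

if __name__ == "__main__":
    used, logged, missing = audit_command_accounting(SAMPLE_CONFIG)
    print("in use:", used, "accounted:", logged, "missing:", missing)
```

Run against the sample, it reports levels 1, 7 and 15 as missing; adding one aaa accounting commands line per reported level clears the list.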