Capturing commands using aaa accounting

Answered Question
Jul 23rd, 2008

Which aaa accounting command would capture all commands that are typed by an authenticated administrator on a Cisco Switch or router?

I have configured the following, but am not getting any output:

aaa accounting commands 0 default start-stop group tacacs+

I am logging the output to a Cisco ACS Server which is running tacacs+.

Correct Answer by Richard Burts about 8 years 6 months ago

Kevin

You need to have a separate aaa accounting command for each privilege level for which you want to log commands. So for user level commands you would use:

aaa accounting commands 1 default start-stop group tacacs+

and for privilege mode commands use:

aaa accounting commands 15 default start-stop group tacacs+

As you have discovered, logging commands at privilege level 0 is not particularly effective. If you have configured other privilege levels on your router, then you would need additional accounting commands for each of those levels.

HTH

Rick
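
Added example, not part of the original thread: a small Python check that reads an IOS configuration and lists the privilege levels that have no `aaa accounting commands` line, following the per-level rule in the answer above. It assumes levels 1 and 15 are always in use and that custom levels show up in `privilege <mode> level <n>` or `username <name> privilege <n>` lines; the function name and the sample configuration are constructed for illustration.

```python
import re

# Matches e.g. "aaa accounting commands 15 default start-stop group tacacs+"
ACCT_RE = re.compile(r"^\s*aaa accounting commands (\d+) (\S+) (\S+)", re.M)
# Levels referenced by "privilege exec level 7 ..." or "username x privilege 7 ..."
PRIV_RE = re.compile(
    r"^\s*(?:privilege \S+ level|username \S+ privilege) (\d+)\b", re.M
)


def audit_command_accounting(config: str, method_list: str = "default") -> dict:
    """Report privilege levels with and without command accounting."""
    accounted = {}
    for level, name, mode in ACCT_RE.findall(config):
        if name == method_list:
            accounted[int(level)] = mode
    # Assumption: levels 1 and 15 are always in use; any other level counts
    # only when the configuration references it.
    in_use = {1, 15} | {int(n) for n in PRIV_RE.findall(config)}
    return {
        "accounted": accounted,
        "missing": sorted(in_use - set(accounted)),
    }


def suggested_lines(report: dict, method: str = "start-stop group tacacs+") -> list:
    """Build one accounting line per level that lacks one."""
    return [
        f"aaa accounting commands {level} default {method}"
        for level in report["missing"]
    ]


# Constructed sample: the level-0 line from the question, an existing
# level-15 line, and one custom level (7).
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
username netops privilege 7 secret 5 <hash-placeholder>
privilege exec level 7 show running-config
"""

if __name__ == "__main__":
    report = audit_command_accounting(SAMPLE_CONFIG)
    print("levels without command accounting:", report["missing"])
    for line in suggested_lines(report):
        print("add:", line)
```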

Richard Burts Wed, 07/23/2008 - 12:29