Problem seeing accounting in ACS 4.1

Mar 19th, 2009

Hello,


I have ACS 4.1 and I've configured AAA on a router. My problem is that I can't see the accounting in ACS; for example, I want to know what the users have done, for example if a user types show runn, conf ter, shutdown in the interface. Actually my AAA configuration is:


How can I see the accounting in the ACS? In ACS 3.3.3 I can see the accounting, but in this version nothing.


version 12.4

hostname Router_Lab

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$051s$Few6cFXNT6T0TdAZqHkNu.

!

aaa new-model

!

aaa authentication login default group tacacs+ local

aaa authentication enable default enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

!

aaa session-id common

!

resource policy

!

ip subnet-zero

ip cef

!

username admin password 0 cisco123

!

interface FastEthernet0/0

ip address 172.20.0.1 255.255.255.0

duplex full

speed 100

!

snmp-server community adexus123 RW

snmp-server host 172.20.0.100 adexus123

!

tacacs-server host 172.20.0.11 key cisco123

tacacs-server timeout 3

tacacs-server directed-request


My logs when I type show running-config:


Router_Lab#

*Mar 19 18:42:59.599: AAA: parse name=tty2 idb type=-1 tty=-1

*Mar 19 18:42:59.599: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Mar 19 18:42:59.603: AAA/MEMORY: create_user (0x654D1F28) user='adexus' ruser='Router_Lab' ds0=0 port='tty2' rem_addr='172.20.0.100' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Mar 19 18:42:59.607: tty2 AAA/AUTHOR/CMD(3705108292): Port='tty2' list='' service=CMD

*Mar 19 18:42:59.611: AAA/AUTHOR/CMD: tty2(3705108292) user='adexus'

*Mar 19 18:42:59.611: tty2 AAA/AUTHOR/CMD(3705108292): send AV service=shell

*Mar 19 18:42:59.615: tty2 AAA/AUTHOR/CMD(3705108292): send AV cmd=show

*Mar 19 18:42:59.615: tty2 AAA/AUTHOR/CMD(3705108292): send AV cmd-arg=running-config

*Mar 19 18:42:59.619: tty2 AAA/AUTHOR/CMD(3705108292): send AV cmd-arg=<cr>

*Mar 19 18:42:59.619: tty2 AAA/AUTHOR/CMD(3705108292): found list "default"

*Mar 19 18:42:59.623: tty2 AAA/AUTHOR/CMD(3705108292): Method=tacacs+ (tacacs+)

*Mar 19 18:42:59.627: AAA/AUTHOR/TAC+: (3705108292): user=adexus

*Mar 19 18:42:59.627: AAA/AUTHOR/TAC+: (3705108292): send AV service=shell

*Mar 19 18:42:59.627: AAA/AUTHOR/TAC+: (3705108292): send AV cmd=show

*Mar 19 18:42:59.631: AAA/AUTHOR/TAC+: (3705108292): send AV cmd-arg=running-config

*Mar 19 18:42:59.631: AAA/AUTHOR/TAC+: (3705108292): send AV cmd-arg=<cr>

*Mar 19 18:42:59.875: AAA/AUTHOR (3705108292): Post authorization status = PASS_ADD

*Mar 19 18:42:59.875: AAA/MEMORY: free_user (0x654D1F28) user='adexus' ruser='Router_Lab' port='tty2' rem_addr='172.20.0.100' authen_type=ASCII service=NONE priv=15 vrf= (id=0)




Vinay Sharma Mon, 04/13/2009 - 10:25

Hi,


Thanks for the info. There is a known bug for command accounting in ACS v4.1 and it is fixed in cumulative patch 5. The patch is available at cisco.com. Make sure you take a backup before applying the patch. CSCsg97429: TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23.

sachinga.hcl Tue, 04/14/2009 - 10:55

Hi Vinashar,


This issue occurs due to the presence of Cisco bug ID CSCsg97429.



No accounting records appear in the Terminal Access Controller Access Control System (TACACS+) Administration log file.


The problem starts when command Accounting is configured on the Network Attached Storage (NAS). After commands are entered on the NAS, no records appear in the TACACS+ Administration log file.


Debugs on the NAS show the records are sent, and they do arrive at the ACS, but the appropriate log file fails to update.


With ACS logging set to Full in System Configuration > Service Control, the log file of the CSLog service shows these entries each time a command is entered on the NAS:


12/06/2006 14:22:52 U 5111 2608 Handling message at 0x010A7FF8 (339 bytes)

12/06/2006 14:22:52 A 0000 0960 Logger CSV TACACS+ Accounting: filter denies logging

Resolution

For a workaround:

Download and install these patches from Cisco Downloads:



CiscoSecure ACS for Microsoft Windows



Acs_4.1.1.23.5-SW.zip - ACS 4.1.1.23.1 accumulative patch
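
One way to check a CSLog file for the symptom described in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it finds each "filter denies logging" entry and pairs it with the size from the preceding "Handling message" entry. The pairing rule, the function names and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Layout taken from the two CSLog entries quoted in the thread. The page does
# not explain the letter or the two 4-digit fields, so they are kept opaque.
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) ([A-Z]) (\d{4}) (\d{4}) (.*)$")
HANDLING_RE = re.compile(r"Handling message at 0x[0-9A-Fa-f]+ \((\d+) bytes\)")
DENY_TEXT = "Logger CSV TACACS+ Accounting: filter denies logging"

def parse_line(line):
    """Split one CSLog line into its fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, flag, f1, f2, msg = m.groups()
    return {"time": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S"),
            "flag": flag, "fields": (f1, f2), "message": msg}

def find_dropped_accounting(lines):
    """Return one record per 'filter denies logging' entry.

    Assumption: the most recent unmatched 'Handling message' entry belongs to
    the denied record, as in the pair quoted in the thread.
    """
    dropped, last_size = [], None
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # blank or unrecognised line
        size = HANDLING_RE.search(rec["message"])
        if size:
            last_size = int(size.group(1))
        elif rec["message"] == DENY_TEXT:
            dropped.append({"time": rec["time"], "message_bytes": last_size})
            last_size = None  # each handled message is matched at most once
    return dropped

# First two lines are from the thread; the remaining three are constructed.
SAMPLE = """\
12/06/2006 14:22:52 U 5111 2608 Handling message at 0x010A7FF8 (339 bytes)
12/06/2006 14:22:52 A 0000 0960 Logger CSV TACACS+ Accounting: filter denies logging
12/06/2006 14:23:10 U 5111 2608 Handling message at 0x010A8120 (287 bytes)
12/06/2006 14:23:10 A 0000 0960 Logger CSV TACACS+ Accounting: filter denies logging
12/06/2006 14:23:41 U 5111 2608 Handling message at 0x010A8240 (301 bytes)
""".splitlines()

if __name__ == "__main__":
    for hit in find_dropped_accounting(SAMPLE):
        print(hit["time"].isoformat(), "accounting record dropped,",
              hit["message_bytes"], "bytes")
```

A non-empty result while the router debugs show records being sent matches the behaviour the reply attributes to CSCsg97429.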

