AAA accouting (commands information)

nareh84 · ‎08-05-2009

hi,

Currently i am using aaa accouting for 3560 switches with ACS4.1 solution engine. I want to log the IOS commands entered. I have chosen the "cmd" and "cmd-arg" field in the CSV and syslog (tacacs+ accounting), these field are empty (..) when the csv record is seen on the ACS server and syslog server. Can some body tell how i can log the commands entered after the authentication with ACS is successful.

Regards

Naresh

Jagdeep Gambhir · ‎08-06-2009

Naresh,

Command accounting only works with tacacs and not with radius. Make sure we are using tacacs.

Here are the command you need on IOS

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 aaa-list start-stop group tacacs+

aaa accounting commands 15 aaa-list start-stop group tacacs+

These logs are stored in tacacs administration report, so make sure you are checking the correct head.

Still it is not working then check acs code. Incase it is 4.1.1 then you need to apply patch 5 to fix it.

To download patch for appliance,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

For windows

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Regards,

~JG

Do rate helpful posts

nareh84 · ‎08-06-2009

hi,

i wrote the above mentioned commands earlier but was looking tacacs+ accounting link on ACS... The correct link was of tacacs+ administration as mentioned by you. Thanx JG

nareh84 · ‎08-10-2009

hi,

I tested the tacacs+ administration on ACS 4.2 (successful testing). But when i went to client site and enabled tacacs+ administration, it was not working. The commands are not shown on the csv file as well as on syslog server. The client is using ACS solution engine 4.1. JS you mentioned the ACS code 4.1.1 , u were asking for the version of acs or any error code. How i can get the acs code.

Regards

Naresh