AAA help please

Unanswered Question
Aug 17th, 2009

I am trying to get a notification via syslog when someone enters configuration changes on a switch.

I am using IOS 12.4 with AAA and ACS.

I know that I can see this information under the ACS reports, but I'd like it in syslog also.

I have tried the following methods:

1. I have configured the switch to send a syslog trap when a configuration change is made, but there is very little information in it.

A start/stop record time of the configuration change would be good.

2. I am able to create an exec start/stop record and that gets sent to the syslog.

I do not want this as it shows every time a user logs onto a device.

3. I can use ACS to generate a syslog on AAA accounting or administrator, but this shows a syslog every time a user enters a show command and not just configuration commands.

Erick Delgado Tue, 08/18/2009 - 16:43

Hi,

If all you need is to know when a command has been executed, you need to have the following commands on the switch:

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

You already have aaa accounting commands 15 default start-stop group tacacs+; you are just missing aaa accounting commands 1 default start-stop group tacacs+.

Once those commands are applied on the switch you should see the commands on the ACS under TACACS administration. If the commands don't show on the ACS, let me know.

What ACS version are you running? If you are running ACS version 4.1.1.23, an upgrade is needed.

If you have any other questions, do not hesitate to reply back.
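An added example, not part of the thread or of Cisco's tooling: one way to get syslog entries for configuration commands only is to filter the command-accounting records that the two `aaa accounting commands` lines produce before they are forwarded. The key=value record layout, the user names and addresses, the `READ_ONLY` list and the local6.notice priority are assumptions made for this sketch.

```python
import shlex
import socket

# Constructed sample records: TACACS+ command-accounting attributes
# (priv-lvl, service, cmd ending in "<cr>") in an assumed key=value layout.
SAMPLE_RECORDS = [
    'user=jdoe nas=10.0.0.5 priv-lvl=1 service=shell cmd="show version <cr>"',
    'user=jdoe nas=10.0.0.5 priv-lvl=15 service=shell cmd="configure terminal <cr>"',
    'user=jdoe nas=10.0.0.5 priv-lvl=15 service=shell cmd="interface GigabitEthernet0/1 <cr>"',
    'user=jdoe nas=10.0.0.5 priv-lvl=15 service=shell cmd="shutdown <cr>"',
    'user=asmith nas=10.0.0.5 priv-lvl=15 service=shell cmd="show running-config <cr>"',
]

# Assumed heuristic: level-15 commands that only display or leave a mode.
READ_ONLY = {"show", "exit", "end"}
PRI = 22 * 8 + 5  # facility local6 (22), severity notice (5) -> 181


def parse_record(line):
    """Split one key=value record into a dict and strip the trailing <cr>."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    fields["cmd"] = fields.get("cmd", "").replace("<cr>", "").strip()
    return fields


def is_config_change(fields):
    """True for privilege-15 commands whose first word is not read-only."""
    words = fields["cmd"].split()
    return fields.get("priv-lvl") == "15" and bool(words) and words[0] not in READ_ONLY


def to_syslog(fields):
    """Build a minimal syslog line; control characters in cmd are dropped."""
    cmd = "".join(ch for ch in fields["cmd"] if ch.isprintable())
    return f"<{PRI}>CONFIG_CMD user={fields.get('user')} nas={fields.get('nas')} cmd={cmd}"


def config_change_messages(records):
    """Return syslog lines for configuration commands only."""
    parsed = (parse_record(r) for r in records)
    return [to_syslog(f) for f in parsed if is_config_change(f)]


def send(messages, collector, port=514):
    """Send each line over UDP to a syslog collector (address is caller-supplied)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for msg in messages:
            sock.sendto(msg.encode("ascii", "replace"), (collector, port))
```

With the sample records, `config_change_messages(SAMPLE_RECORDS)` keeps `configure terminal`, the `interface` line and `shutdown`, and drops both `show` commands, including the level-15 `show running-config`.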
