I have Cisco ACS 3.2 on widnows with cisco devices (IOS 12.3) configured with authentication. I need to enable the accounting. I just need the list of commands (changes) made on the cisco device. What is the correct authentication command? Below is the present config.
aaa group server tacacs+ tacgrp
aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa session-id common
tacacs-server host X.X.X.X
tacacs-server host Y.Y.Y.Y
tacacs-server key 7 XXXXXXXXXXXXXXXXXXX
line con 0
line vty 0 4
There is no accounting for SNMP.
The show snmp command on the router can tell you how many polls where done.
Example of show snmp output:
56224160 SNMP packets input
0 Bad SNMP version errors
38 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
268814216 Number of requested variables
112 Number of altered variables
35437579 Get-request PDUs
20781918 Get-next PDUs
24 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
56224122 SNMP packets output
0 Too big errors (Maximum packet size 1500)
15 No such name errors
0 Bad values errors
0 General errors
56219928 Response PDUs
0 Trap PDUs
Also you can set an access-list permitting any for snmp and log the access-list that will have a counter that increments.
There is no such thing as looking in the ACS logs to know how many times snmp was accessed and by which ip address for the simple reason that authorization does not apply to snmp.