can you set up ACS to log commands

Unanswered Question
Feb 8th, 2010

I am running a Windows box with ACS 4.1 on it and I have all my routers and switches authentication to it.  Recently I was assigned a task to set up a service that would log commands that are input into my devices.  Is it possible for the ACS to record that information?

Paul

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Erick Delgado Mon, 02/08/2010 - 15:59

Hi,

That is simple to do.

Configure the tacacs server on the IOS devices using tacacs-server host x.x.x.x key xxxx. after this you add

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

and the IOS device will send all the commands to the tacacs server, on the ACS 4.1.23 there is a bug that you cannot view those commands please verify that you are not running this version.

the accounting information will be under tacacs administration log.

If you need help please let me know.

Regards,

pweinstein Tue, 02/09/2010 - 06:34

Perfect on the commans, that is exactly what I was looking for.  However, I am running the 4.1.23 version of ACS.  Have to look into upgrading.  I'll check to see what options I have for upgrading.

Thanks,

Paul

Erick Delgado Tue, 02/09/2010 - 10:40

Hi,

You can apply patch 4 for ACS 4.1.1.23 or you can also upgrade to ACS 4.2. If you are going to upgrade please contact TAC so then can provide you with the required software.

Regards,

darpotter Thu, 02/11/2010 - 02:19

Hi Paul

If you've been asked to audit the commands being executed on your network devices you might like to know that extraxi aaa-reports! has been built purposely to import ACS logs from multiple ACSs (with mixed versions) to support you in creating management summary reports including graphs, charts, top N users/cmds/groups etc and also detailed activity, security and exception reports.

We've also got a point 'n' click query builder that allows you to create ad-hoc custom reports for forensic analysis plus a web-reporting tool to allow basic filtering and tabular reports with PDF/XLS/CSV export.

Further, you can import the ACS pacakge.cab exported database to create reports like:

Which groups have access to AAA Client XYZ

What commands can a group execute on each AAA Client

See http://www.extraxi.com/audit.htm for more on TACACS+ Device Admin reporting.

Our csvsync log collection client will connect directly to each ACS and pull down new logs (in bulk) and can also request the ACS export its database too. aaa-reports! can then be scheduled to import the new logs and run off report batches - you get the fully graphical report PDFs emailed direct to your inbox.

Take a look at http://www.extraxi.com/aaare.htm for a complete rundown of features. There's a link for our 60 day eval version too. We also offer personalised online meetings to help potential customers get the software fully configured so you get the most out of the trial.

Actions

This Discussion