02-08-2010 01:58 PM - edited 03-10-2019 04:56 PM
I am running a Windows box with ACS 4.1 on it and I have all my routers and switches authentication to it. Recently I was assigned a task to set up a service that would log commands that are input into my devices. Is it possible for the ACS to record that information?
Paul
02-08-2010 03:59 PM
Hi,
That is simple to do.
Configure the tacacs server on the IOS devices using tacacs-server host x.x.x.x key xxxx. after this you add
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
and the IOS device will send all the commands to the tacacs server, on the ACS 4.1.23 there is a bug that you cannot view those commands please verify that you are not running this version.
the accounting information will be under tacacs administration log.
If you need help please let me know.
Regards,
02-09-2010 06:34 AM
Perfect on the commans, that is exactly what I was looking for. However, I am running the 4.1.23 version of ACS. Have to look into upgrading. I'll check to see what options I have for upgrading.
Thanks,
Paul
02-09-2010 10:40 AM
Hi,
You can apply patch 4 for ACS 4.1.1.23 or you can also upgrade to ACS 4.2. If you are going to upgrade please contact TAC so then can provide you with the required software.
Regards,
02-11-2010 02:19 AM
Hi Paul
If you've been asked to audit the commands being executed on your network devices you might like to know that extraxi aaa-reports! has been built purposely to import ACS logs from multiple ACSs (with mixed versions) to support you in creating management summary reports including graphs, charts, top N users/cmds/groups etc and also detailed activity, security and exception reports.
We've also got a point 'n' click query builder that allows you to create ad-hoc custom reports for forensic analysis plus a web-reporting tool to allow basic filtering and tabular reports with PDF/XLS/CSV export.
Further, you can import the ACS pacakge.cab exported database to create reports like:
Which groups have access to AAA Client XYZ
What commands can a group execute on each AAA Client
See http://www.extraxi.com/audit.htm for more on TACACS+ Device Admin reporting.
Our csvsync log collection client will connect directly to each ACS and pull down new logs (in bulk) and can also request the ACS export its database too. aaa-reports! can then be scheduled to import the new logs and run off report batches - you get the fully graphical report PDFs emailed direct to your inbox.
Take a look at http://www.extraxi.com/aaare.htm for a complete rundown of features. There's a link for our 60 day eval version too. We also offer personalised online meetings to help potential customers get the software fully configured so you get the most out of the trial.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: