My customer and I are looking for a way to exclude actions/commands logging on AAA servers (ACS) for a single specific user, though logging still goes on for other users as AAA clients on networks devices have been configured with:
aaa accounting commands start-stop tacacs+
I have not found any solution up to now, either on the ACS side, either on the IOS side and aaa commands.
(Though it looks like a potential security issue), can anyone advise?
Thanks for your cooperation.
No you can not exclude a single user from logging. Accounting is a global command.
I take it you probably have a script that is generating a large amount of logging data?