Solved: Exclude specific user from ACS logging ?

yvon_delgrange · ‎03-04-2010

Hi,

.

My customer and I are looking for a way to exclude actions/commands logging on AAA servers (ACS) for a single specific user, though logging still goes on for other users as AAA clients on networks devices have been configured with:

.

aaa accounting commands start-stop tacacs+

.

I have not found any solution up to now, either on the ACS side, either on the IOS side and aaa commands.

.

(Though it looks like a potential security issue), can anyone advise?

.

Thanks for your cooperation.

Yvon.

jedubois · ‎03-04-2010

Yvon,

No you can not exclude a single user from logging. Accounting is a global command.

I take it you probably have a script that is generating a large amount of logging data?

--Jesse

View solution in original post

jedubois · ‎03-04-2010

Yvon,

No you can not exclude a single user from logging. Accounting is a global command.

I take it you probably have a script that is generating a large amount of logging data?

--Jesse

yvon_delgrange · ‎03-05-2010

Jesse,

Thanks for the confirmation.

I do not really know what is behind this request, but I'll try to understand.

I guess for for this time, we'll live with this situation.

Thanks again. Yvon.

jrabinow · ‎03-06-2010

ACS 5.1 has the concept of collection filters which I think can do what you are looking for

See: http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/viewer_sys_ops.html#wp1072344

yvon_delgrange · ‎03-11-2010

Thanks for pointing that out to me. I will have a closer look at this feature.