03-04-2010 08:34 AM - edited 03-10-2019 04:59 PM
Hi,
.
My customer and I are looking for a way to exclude actions/commands logging on AAA servers (ACS) for a single specific user, though logging still goes on for other users as AAA clients on networks devices have been configured with:
.
aaa accounting commands start-stop tacacs+
.
I have not found any solution up to now, either on the ACS side, either on the IOS side and aaa commands.
.
(Though it looks like a potential security issue), can anyone advise?
.
Thanks for your cooperation.
Yvon.
Solved! Go to Solution.
03-04-2010 10:50 AM
Yvon,
No you can not exclude a single user from logging. Accounting is a global command.
I take it you probably have a script that is generating a large amount of logging data?
--Jesse
03-04-2010 10:50 AM
Yvon,
No you can not exclude a single user from logging. Accounting is a global command.
I take it you probably have a script that is generating a large amount of logging data?
--Jesse
03-05-2010 08:38 AM
Jesse,
Thanks for the confirmation.
I do not really know what is behind this request, but I'll try to understand.
I guess for for this time, we'll live with this situation.
Thanks again. Yvon.
03-06-2010 11:43 PM
ACS 5.1 has the concept of collection filters which I think can do what you are looking for
03-11-2010 12:43 AM
Thanks for pointing that out to me. I will have a closer look at this feature.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: