03-04-2010 08:34 AM - edited 03-10-2019 04:59 PM
Hi,
.
My customer and I are looking for a way to exclude actions/commands logging on AAA servers (ACS) for a single specific user, though logging still goes on for other users as AAA clients on networks devices have been configured with:
.
aaa accounting commands start-stop tacacs+
.
I have not found any solution up to now, either on the ACS side, either on the IOS side and aaa commands.
.
(Though it looks like a potential security issue), can anyone advise?
.
Thanks for your cooperation.
Yvon.
Solved! Go to Solution.
03-04-2010 10:50 AM
Yvon,
No you can not exclude a single user from logging. Accounting is a global command.
I take it you probably have a script that is generating a large amount of logging data?
--Jesse
03-04-2010 10:50 AM
Yvon,
No you can not exclude a single user from logging. Accounting is a global command.
I take it you probably have a script that is generating a large amount of logging data?
--Jesse
03-05-2010 08:38 AM
Jesse,
Thanks for the confirmation.
I do not really know what is behind this request, but I'll try to understand.
I guess for for this time, we'll live with this situation.
Thanks again. Yvon.
03-06-2010 11:43 PM
ACS 5.1 has the concept of collection filters which I think can do what you are looking for
03-11-2010 12:43 AM
Thanks for pointing that out to me. I will have a closer look at this feature.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide