×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

AAA Accounting report not showing commands issued.

Answered Question
Jan 5th, 2007
User Badges:

Hello all, I am having trouble with AAA accounting on my ACS appliance 4.0. When I view the accounting log it lists connections, protocols and IP addresses but not the commands that have been run on the particular switch. When I do debug AAA accounting I do see ouput but when I debug Tacacs accounting I don't see anything. An exammple of my config is:

aaa new-model

aaa group server tacacs+ ACS

server [ip addresss here]

server [ip addresss here]

aaa accounting exec default start-stop group ACS

aaa accounting commands 0 start-stop group ACS

aaa accounting commands 15 start-stop group ACS

tacacs-server key [key here].

I've left out the authentication part of the config (on the above example) as this is working fine.

Anyone any ideas why the actual commands are not being captured on the ACS?

Thanks in advance.

Correct Answer by mstannard about 10 years 7 months ago

In ACS, the Command Accounting is logged to the TACACS+ Administration log not the TACACS+ Accounting log! Don't ask me why, it just is. At least it is on mine and took me a while to discover as well.


Hope this helps


Regards


Mike

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
royalblues Fri, 01/05/2007 - 10:01
User Badges:
  • Green, 3000 points or more

Hi Paul,


Make sure you have the following commands under the vty interfaces of the devices


line vty 0 4

accounting connection

accounting commands 1

accounting commands 15

accounting exec


HTH, rate if it does

Narayan


network.king Sat, 01/06/2007 - 05:30
User Badges:
  • Silver, 250 points or more

Hi


Can u include the default under the accounting commands and check


aaa accounting commands 15 default start-stop group ACS


Hope this helps


regards

vanesh k

paulhowlett_2 Mon, 01/08/2007 - 06:43
User Badges:

Hi, I've entered the commands (on a Catalyst 4948)but they [commands] don't show in the config.

I have also entered the 'default' command as suggested too. Still nothing under the 'cmd', 'cmd-arg'or 'event' in the ACS appliance Accounting log.

Thanks.

mstannard Tue, 01/09/2007 - 03:05
User Badges:

In ACS, the Command Accounting is logged to the TACACS+ Administration log not the TACACS+ Accounting log! Don't ask me why, it just is. At least it is on mine and took me a while to discover as well.


Hope this helps


Regards


Mike

Correct Answer
mstannard Tue, 01/09/2007 - 03:18
User Badges:

In ACS, the Command Accounting is logged to the TACACS+ Administration log not the TACACS+ Accounting log! Don't ask me why, it just is. At least it is on mine and took me a while to discover as well.


Hope this helps


Regards


Mike

paulhowlett_2 Tue, 01/09/2007 - 07:53
User Badges:

You are spot on! I expected it to be in the accounting log but - the obvious place I would have thought. Thank you.

Actions

This Discussion