Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

A little help with ACS-users logged in, admin/acct reports

Hi -

I just started using ACS. I wasn't part of the set up so and there isn't

anyone I can ask about this. I have couple of questions which are

probably pretty simple but I don't see the answers in the docs.

My config is this:

username blah password blahblah

aaa new-model

aaa group server tacacs+ acs-servername

server x.x.x.x (ip of our acs server)


aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting update newinfo

aaa accounting commands 0 default start-stop group taca

aaa accounting commands 15 default start-stop group tac

aaa accounting connection default start-stop group taca

aaa accounting system default start-stop group tacacs+

The first question has to do with the Logged In Users report.

When I look in the reports area, there are a couple of reports

that I think should have data but are empty. Logged-in users

is always empty, even when I'm logged into our AAA test network


The second question has to do with the TACACS+ accounting

and administration reports. The various commands executed

on the network device are showing up in the Admin log, not

Accounting. Is this the way it's supposed to be?

I have 2 accounting command statements. My intention was

to log all 0 level as well as 15 level commands. Is this

the right approach? By using the bottom and top values,

I hoped the commands would be inclusive for the range. Is

that a viable solution?

Also, as you look at the config above, feel free to nit-pick any

inconsistencies you see.

Thanks for your help.


New Member

Re: A little help with ACS-users logged in, admin/acct reports

Hello Kim,

For the Logged In Users report to work you should add exec accounting to your config:

aaa accounting exec default start-stop group tacacs+

You're right, CSACS places the command accounting in a separate report.


CreatePlease to create content