Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

A little help with ACS-users logged in, admin/acct reports

Hi -

I just started using ACS. I wasn't part of the set up so and there isn't

anyone I can ask about this. I have couple of questions which are

probably pretty simple but I don't see the answers in the docs.

My config is this:

username blah password blahblah

aaa new-model

aaa group server tacacs+ acs-servername

server x.x.x.x (ip of our acs server)

!

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting update newinfo

aaa accounting commands 0 default start-stop group taca

aaa accounting commands 15 default start-stop group tac

aaa accounting connection default start-stop group taca

aaa accounting system default start-stop group tacacs+

The first question has to do with the Logged In Users report.

When I look in the reports area, there are a couple of reports

that I think should have data but are empty. Logged-in users

is always empty, even when I'm logged into our AAA test network

device.

The second question has to do with the TACACS+ accounting

and administration reports. The various commands executed

on the network device are showing up in the Admin log, not

Accounting. Is this the way it's supposed to be?

I have 2 accounting command statements. My intention was

to log all 0 level as well as 15 level commands. Is this

the right approach? By using the bottom and top values,

I hoped the commands would be inclusive for the range. Is

that a viable solution?

Also, as you look at the config above, feel free to nit-pick any

inconsistencies you see.

Thanks for your help.

Kim

1 REPLY
New Member

Re: A little help with ACS-users logged in, admin/acct reports

Hello Kim,

For the Logged In Users report to work you should add exec accounting to your config:

aaa accounting exec default start-stop group tacacs+

You're right, CSACS places the command accounting in a separate report.

Martin

140
Views
0
Helpful
1
Replies
CreatePlease to create content