Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA Accounting on Routers

Hey guys,

I am looking for some help in setting up my router to where it reports to my CSACS all commands executed by users. For example, I login as the user bbaggins and I make changes to an ACL configuration, is there a way for the commands I typed in to be logged by the ACS?

Thanks for your help.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: AAA Accounting on Routers

You need to set up tacacs for that. Here are the commands.

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Command accounting logs are stored in tacacs administration logs. Also there is a known issue on ver 4.1.1 and we need to apply patch ACS 4.1.1.23.5 to fix the issue.

Patch for appliance is available on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

Patch name : ACS SE 4.1.1.23.5 accumulative patch

Patch for acs windows is available on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name : ACS 4.1.1.23.5 accumulative patch

Regards,

~JG

Do rate helpful posts

4 REPLIES

Re: AAA Accounting on Routers

You need to set up tacacs for that. Here are the commands.

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Command accounting logs are stored in tacacs administration logs. Also there is a known issue on ver 4.1.1 and we need to apply patch ACS 4.1.1.23.5 to fix the issue.

Patch for appliance is available on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

Patch name : ACS SE 4.1.1.23.5 accumulative patch

Patch for acs windows is available on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name : ACS 4.1.1.23.5 accumulative patch

Regards,

~JG

Do rate helpful posts

New Member

Re: AAA Accounting on Routers

You are the man. I had it setup and didn't realize it was under Administration. Thanks so much for your help.

New Member

Re: AAA Accounting on Routers

One last question.....

do I need "aaa accounting commands 1 default start-stop group tacacs+" and "aaa accounting commands 15 default start-stop group tacacs"? What for?

Re: AAA Accounting on Routers

aaa accounting commands 1 default start-stop group tacacs+

That is to log accounting for Priv 1 command

aaa accounting commands 15 default start-stop group tacacs"

That is to log accounting for Priv 15 command

Regards,

~JG

Do rate helpful posts

163
Views
0
Helpful
4
Replies
CreatePlease to create content