Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
0
Helpful
6
Replies

AAA Accounting report not showing commands issued.

Go to solution
paulhowlett_2
Level 1
Level 1

‎01-05-2007 04:09 AM - edited ‎03-10-2019 02:54 PM

Hello all, I am having trouble with AAA accounting on my ACS appliance 4.0. When I view the accounting log it lists connections, protocols and IP addresses but not the commands that have been run on the particular switch. When I do debug AAA accounting I do see ouput but when I debug Tacacs accounting I don't see anything. An exammple of my config is:

aaa new-model

aaa group server tacacs+ ACS

server [ip addresss here]

server [ip addresss here]

aaa accounting exec default start-stop group ACS

aaa accounting commands 0 start-stop group ACS

aaa accounting commands 15 start-stop group ACS

tacacs-server key [key here].

I've left out the authentication part of the config (on the above example) as this is working fine.

Anyone any ideas why the actual commands are not being captured on the ACS?

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mstannard
Level 1
Level 1
In response to paulhowlett_2

‎01-09-2007 03:18 AM

In ACS, the Command Accounting is logged to the TACACS+ Administration log not the TACACS+ Accounting log! Don't ask me why, it just is. At least it is on mine and took me a while to discover as well.

Hope this helps

Regards

Mike

View solution in original post

0 Helpful
6 Replies 6

Go to solution
royalblues
Level 10
Level 10

‎01-05-2007 10:01 AM

Hi Paul,

Make sure you have the following commands under the vty interfaces of the devices

line vty 0 4

accounting connection

accounting commands 1

accounting commands 15

accounting exec

HTH, rate if it does

Narayan

0 Helpful

Go to solution
network.king
Level 4
Level 4
In response to royalblues

‎01-06-2007 05:30 AM

Hi

Can u include the default under the accounting commands and check

aaa accounting commands 15 default start-stop group ACS

Hope this helps

regards

vanesh k

0 Helpful

Go to solution
paulhowlett_2
Level 1
Level 1
In response to royalblues

‎01-08-2007 06:43 AM

Hi, I've entered the commands (on a Catalyst 4948)but they [commands] don't show in the config.

I have also entered the 'default' command as suggested too. Still nothing under the 'cmd', 'cmd-arg'or 'event' in the ACS appliance Accounting log.

Thanks.

0 Helpful

Go to solution
mstannard
Level 1
Level 1
In response to paulhowlett_2

‎01-09-2007 03:05 AM

In ACS, the Command Accounting is logged to the TACACS+ Administration log not the TACACS+ Accounting log! Don't ask me why, it just is. At least it is on mine and took me a while to discover as well.

Hope this helps

Regards

Mike

0 Helpful

Go to solution
mstannard
Level 1
Level 1
In response to paulhowlett_2

‎01-09-2007 03:18 AM

In ACS, the Command Accounting is logged to the TACACS+ Administration log not the TACACS+ Accounting log! Don't ask me why, it just is. At least it is on mine and took me a while to discover as well.

Hope this helps

Regards

Mike

0 Helpful

Go to solution
paulhowlett_2
Level 1
Level 1
In response to mstannard

‎01-09-2007 07:53 AM

You are spot on! I expected it to be in the accounting log but - the obvious place I would have thought. Thank you.

0 Helpful
Customers Also Viewed These Support Documents