08-05-2009 10:32 PM - edited 03-10-2019 04:38 PM
hi,
Currently I am using AAA accounting for 3560 switches with the ACS 4.1 solution engine. I want to log the IOS commands entered. I have chosen the "cmd" and "cmd-arg" fields in the CSV and syslog (tacacs+ accounting), but these fields are empty (..) when the CSV record is seen on the ACS server and syslog server. Can somebody tell me how I can log the commands entered after the authentication with ACS is successful?
Regards
Naresh
08-06-2009 05:40 AM
Naresh,
Command accounting only works with tacacs and not with radius. Make sure we are using tacacs.
Here are the commands you need on IOS:
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 aaa-list start-stop group tacacs+
aaa accounting commands 15 aaa-list start-stop group tacacs+
These logs are stored in tacacs administration report, so make sure you are checking the correct head.
If it is still not working, then check the ACS code. In case it is 4.1.1, then you need to apply patch 5 to fix it.
To download patch for appliance,
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des
For Windows
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
Regards,
~JG
Do rate helpful posts
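A way to check a saved running-config for a point the commands above depend on, as an added example that is not part of the original posts: on IOS a named accounting list such as aaa-list only takes effect on lines that reference it, while a list named default applies to every line. The sample config, the function name and the finding texts are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): the level 15 list is
# applied to the vty lines, the level 1 list is defined but never applied.
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 aaa-list start-stop group tacacs+
aaa accounting commands 15 aaa-list start-stop group tacacs+
!
line con 0
line vty 0 4
 accounting commands 15 aaa-list
line vty 5 15
 accounting commands 15 aaa-list
"""

DEFINE = re.compile(r"^aaa accounting commands (\d+) (\S+)\s")  # global definition
APPLY = re.compile(r"^\s+accounting commands (\d+) (\S+)$")     # under a line


def audit_command_accounting(config):
    """Return a list of findings about command accounting in an IOS config."""
    lines = [line.rstrip() for line in config.splitlines()]
    defined, applied, findings = set(), set(), []
    for line in lines:
        m = DEFINE.match(line)
        if m:
            defined.add((int(m.group(1)), m.group(2)))
        m = APPLY.match(line)
        if m:
            applied.add((int(m.group(1)), m.group(2)))
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    # A named list only takes effect on lines that reference it;
    # the list called 'default' applies to every line automatically.
    for level, name in sorted(defined):
        if name != "default" and (level, name) not in applied:
            findings.append(f"level {level} list '{name}' is not applied to any line")
    for level, name in sorted(applied - defined):
        findings.append(f"line references undefined level {level} list '{name}'")
    return findings


if __name__ == "__main__":
    for finding in audit_command_accounting(SAMPLE_CONFIG):
        print(finding)
```

An empty result means every command accounting list in the file is either the default list or is referenced by at least one line.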
08-06-2009 11:23 PM
hi,
I wrote the above-mentioned commands earlier but was looking at the tacacs+ accounting link on ACS... The correct link was tacacs+ administration, as mentioned by you. Thanks JG
08-10-2009 10:14 PM
hi,
I tested the tacacs+ administration on ACS 4.2 (successful testing). But when I went to the client site and enabled tacacs+ administration, it was not working. The commands are not shown in the CSV file or on the syslog server. The client is using ACS solution engine 4.1. JG, you mentioned the ACS code 4.1.1; were you asking for the version of ACS or an error code? How can I get the ACS code?
Regards
Naresh