Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA help please

I am trying to get a notification via syslog when someone enters configuration changes on a switch.

I am using 12.4 ios with AAA and ACS.

I know that I can see this information under the acs reports but I'd like it in syslog also.

I have tried the following methods:

1. I have configured the switch to send a syslog trap when a configuration change is made but there is very little inforamtion in it.

A start/stop record time of the configuration change would be good.

2. I am able to create an exec start/stop record and that gets sent to the syslog.

I do not want this as it shows everytime a user logs onto a device.

3. I can use ACS to generate a syslog on AAA accounting or administrator but this shows a syslog everytime a users enters a show commands and not just configuation commands.

1 REPLY
New Member

Re: AAA help please

Hi,

If everything that you need is to know when a command has been executed you need to have the following commands on the switch.

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

You already have aaa accounting commands 15 default start-stop group tacacs+, you are just missing aaa accounting commands 1 default start-stop group tacacs+

Once those commands are apply on the switch you should see the commands on the ACS under tacacs administration. If the commands don't show on the ACS let me know.

What ACS version are you running? If you are running ACS version 4.1.1.23 a upgrade is need it.

If you have any other question do not hesitate to reply back.

122
Views
0
Helpful
1
Replies