Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Detailed Logging

I am running RADIUS on Windows 2003 Enterprise server and configured the 3725 router for AAA. The AAA/RADIUS is working fine, but the detailed logging in Windows seems to be very limitted. Does anyone know if there's any other tools that can capture more detailed logging per user session? Currently, the user event is logged in the Windows Systems Event and the RADIUS log.

aaa new-model

!

!

aaa group server radius PPRADIUS

server 192.168.1.110 auth-port 1645 acct-port 1646

server 192.168.1.66 auth-port 1645 acct-port 1646

!

aaa authentication login default group PPRADIUS local

aaa authorization config-commands

aaa authorization exec default if-authenticated

aaa authorization network default group PPRADIUS local

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

aaa accounting connection default start-stop group radius

aaa accounting system default start-stop group radius

radius-server attribute 6 on-for-login-auth

radius-server host 192.168.1.110 auth-port 1645 acct-port 1646

radius-server host 192.168.1.66 auth-port 1645 acct-port 1646

radius-server retransmit 0

radius-server key 7 xxxxxxxxxxxxxx

TIA -

Hieu

5 REPLIES
Hall of Fame Super Silver

Re: Detailed Logging

Hieu

If you want more detailed logging then I suggest that you add this to the configuration:

aaa accounting commands 15 default start-stop group radius

This will generate a log message for every privilege level command that is issued.

HTH

Rick

New Member

Re: Detailed Logging

Thanks for your repsonse, Rick. I'll try it out.

Hieu

New Member

Re: Detailed Logging

Rick -

I've created a radius group called PPRADIUS and included 2 RADIUS servers in this group: 192.168.1.110, 192.168.1.66.

This is the command that I type in my router " aaa authentication commands 15 default start-stop group PPRADIUS", then did a wr mem, but it didn't show up when issuing the command sh run.

Also, sh logging gives me the following info, but is there a way for me to view its logging content..

km_ro#sh logging

Syslog logging: enabled (12 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 4751 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: disabled, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level informational, 193 message lines logged

Logging to 192.168.1.110 (udp port 514, audit disabled, link up), 36 message lines logged, xml disabled,

filtering disabled

thanks for your help.

hieu

Hall of Fame Super Silver

Re: Detailed Logging

hieu

I think that you may have mistyped the command. Your post says that you entered:

aaa authentication commands 15 default start-stop group PPRADIUS

but it is not an authentication command. It should have been:

aaa accounting commands 15 default start-stop group PPRADIUS

Also the logging that this command will do is to the radius server(s) and not to syslog. The show logging command that you entered is about syslog. It indicates that syslog messages are sent to the console (you can see them if you have a terminal connected to the console port) and it shows that if you have telnetted to the box and have entered the terminal monitor command that you will see copies of the syslog messages on your remote terminal. It indicates that you have disabled logging to the logging buffer and have disabled sending syslog messages to any external syslog server.

HTH

Rick

New Member

Re: Detailed Logging

Rick - Yes, it was a typo error..this is actually what I had typed:

km_ro(config)#aaa accounting commands 15 default start-stop group ?

WORD Server-group name

tacacs+ Use list of all Tacacs+ hosts.

km_ro(config)#aaa accounting commands 15 default start-stop group PPRADIUS

Issuing "show run" doesn't display the above command line.... very strange...

aaa new-model

!

!

aaa group server radius PPRADIUS

server 192.168.1.110 auth-port 1645 acct-port 1646

server 192.168.1.66 auth-port 1645 acct-port 1646

!

aaa authentication banner ^C Kearny Mesa Router^C

aaa authentication login default group PPRADIUS local

aaa authorization config-commands

aaa authorization exec default if-authenticated

aaa authorization network default group PPRADIUS local

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

aaa accounting connection default start-stop group radius

aaa accounting system default start-stop group radius

!

Thanks for all of your help.

hieu

363
Views
0
Helpful
5
Replies