Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Exclude specific user from ACS logging ?

Hi,

.

My customer and I are looking for a way to exclude actions/commands logging on AAA servers (ACS) for a single specific user, though logging still goes on for other users as AAA clients on networks devices have been configured with:

.

aaa accounting commands start-stop tacacs+

.

I have not found any solution up to now, either on the ACS side, either on the IOS side and aaa commands.

.

(Though it looks like a potential security issue), can anyone advise?

.

Thanks for your cooperation.

Yvon.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Exclude specific user from ACS logging ?

Yvon,

     No you can not exclude a single user from logging.  Accounting is a global command.

     I take it you probably have a script that is generating a large amount of logging data?

--Jesse

4 REPLIES
Cisco Employee

Re: Exclude specific user from ACS logging ?

Yvon,

     No you can not exclude a single user from logging.  Accounting is a global command.

     I take it you probably have a script that is generating a large amount of logging data?

--Jesse

New Member

Re: Exclude specific user from ACS logging ?

Jesse,

Thanks for the confirmation.

I do not really know what is behind this request, but I'll try to understand.

I guess for for this time, we'll live with this situation.

Thanks again. Yvon.

Cisco Employee

Re: Exclude specific user from ACS logging ?

ACS 5.1 has the concept of collection filters which I think can do what you are looking for

See: http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/viewer_sys_ops.html#wp1072344

New Member

Re: Exclude specific user from ACS logging ?

Thanks for pointing that out to me. I will have a closer look at this feature.

336
Views
0
Helpful
4
Replies
CreatePlease login to create content