
New Member

No TACACS+ Administration Logging on ACS

I can get a csv file created for a TACACS+ Administration log/report [configured in Interface Logging of the ACS] but that log file is empty. Help states that aaa accounting commands start-stop TACACS+ must appear in the access server or router configuration file in order to capture this data, but my ASA 5520 will only allow:

aaa accounting command <server group> or <privilege>.

How do I get this ASA and Windows ACS to collect TACACS+ administration?

Note: My TACACS+ accounting does collect data on users ssh into the ASA.

3 REPLIES
Bronze

Re: No TACACS+ Administration Logging on ACS

It's quite possible that you might be experiencing a known bug (CSCsg97429) in ACS version 4.1.

Get this Patch: Acs-4.1.1.23.5-SW.zip. It fixes the TACACS+ Administration log/report problem.

You are right in regard to the command. It is needed for your NAS to send accounting information to the ACS.

Here's an example of the commands:

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

Hope it helps.
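
An added example, not part of the original posts: a Python check over an ASA running-config that reports whether command accounting (the ASA form aaa accounting command [privilege level] server-group) is configured and points at a TACACS+ server group, separately from session accounting such as SSH logins. The sample configuration, the group names and the address in it are constructed, and the function name is hypothetical.

```python
import re

# Constructed ASA running-config excerpt; group names and address are placeholders.
SAMPLE_CONFIG = """\
aaa-server TACACS-GRP protocol tacacs+
aaa-server TACACS-GRP (inside) host 192.0.2.10
 key *****
aaa-server RAD-GRP protocol radius
aaa authentication ssh console TACACS-GRP LOCAL
aaa accounting ssh console TACACS-GRP
aaa accounting command privilege 15 TACACS-GRP
"""

def audit_accounting(config):
    """Return (session_accounting, command_accounting, problems) for an ASA config."""
    groups = {}    # server-group tag -> protocol
    sessions = []  # (access method, group): 'aaa accounting <method> console <group>'
    commands = []  # (privilege level or None, group): 'aaa accounting command ...'
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"aaa-server (\S+) protocol (\S+)", line)
        if m:
            groups[m.group(1)] = m.group(2).lower()
            continue
        m = re.fullmatch(r"aaa accounting (ssh|telnet|serial|enable) console (\S+)", line)
        if m:
            sessions.append(m.groups())
            continue
        m = re.fullmatch(r"aaa accounting command(?: privilege (\d+))? (\S+)", line)
        if m:
            level = int(m.group(1)) if m.group(1) else None
            commands.append((level, m.group(2)))
    problems = []
    if not commands:
        # Session accounting alone records logins, not the commands typed afterwards.
        problems.append("no 'aaa accounting command' line: administrator commands are not sent")
    for group in sorted({g for _, g in sessions + commands}):
        proto = groups.get(group)
        if proto is None:
            problems.append(f"server group {group} is not defined")
        elif proto != "tacacs+":
            problems.append(f"server group {group} uses {proto}, not tacacs+")
    return sessions, commands, problems

if __name__ == "__main__":
    for item in audit_accounting(SAMPLE_CONFIG):
        print(item)
```
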

New Member

Re: No TACACS+ Administration Logging on ACS

That worked on one ASA, but I also installed a secondary Authentication utility. I have a second ASA with the new patch loaded but no utility. I will look at it Friday am and see if it has entries in the log. If not, I will install the utility. We'll see.

Bronze

Re: No TACACS+ Administration Logging on ACS

Did it work eventually?
