TACACS+ and syslog server

Hi,

I was wondering about logging and aaa accounting.

I notice some networks will have a syslog server and a TACACS+ server with AAA accounting. Is it best practice from a security perspective to configure a router to use both a syslog server and a TACACS+ server with AAA accounting?

1 REPLY

Re: TACACS+ and syslog server

Hi Nathan

As usual it's "horses for courses". If you are using an AAA server (such as ACS) to secure access to your routers, then the best practice is to log both session and command accounting to AAA also.

In that way the ACS server will be logging both successful and failed login/command authorisation attempts AND the session/command accounting.

All this gets logged to standard CSV files for off-line processing in Excel or rather better... something like extraxi aaa-reports!

Syslog, on the other hand, is a fire-and-forget, non-standard and somewhat arcane method of logging. Being UDP it's "fire and forget" and therefore not as reliable as TACACS+.

SOX now affects most large companies, and access to network infrastructure (and hence audit of it) is becoming vital.

Darran
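As an added illustration of the setup Darran describes (this is not configuration from the thread or from Cisco), the following Cisco IOS fragment sends session and command accounting to a TACACS+ group while also keeping a syslog host for device events. The server names, IP addresses, shared secret and syslog port are made-up placeholders, and the syntax assumes an IOS 15-style `tacacs server` block.

```cisco
! --- TACACS+ server definition (placeholder address and secret) ---
tacacs server ACS1
 address ipv4 192.0.2.10
 key EXAMPLE-SHARED-SECRET
!
aaa new-model
aaa group server tacacs+ ACS-GROUP
 server name ACS1
!
! Authentication and authorisation via ACS, local fallback if ACS is unreachable
aaa authentication login default group ACS-GROUP local
aaa authorization exec default group ACS-GROUP local
aaa authorization commands 15 default group ACS-GROUP local
!
! Session (exec) accounting plus per-command accounting at levels 1 and 15,
! so both logins and the commands run inside them land in the ACS accounting logs
aaa accounting exec default start-stop group ACS-GROUP
aaa accounting commands 1 default start-stop group ACS-GROUP
aaa accounting commands 15 default start-stop group ACS-GROUP
! Also record failed authentication attempts as accounting stop records
aaa accounting send stop-record authentication failure
!
! --- Syslog alongside AAA, for device events that AAA never sees ---
! Timestamps make the syslog and ACS records correlatable
service timestamps log datetime msec localtime show-timezone
logging source-interface Loopback0
logging trap informational
! Plain UDP syslog (the fire-and-forget transport the reply describes):
logging host 192.0.2.20
! Optional: a TCP syslog destination for a more reliable copy (placeholder port)
logging host 192.0.2.21 transport tcp port 601
!
! Log every login success/failure and every configuration change to syslog
login on-success log
login on-failure log
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
```

With this in place the ACS CSV accounting files hold who logged in and what they typed, while syslog carries interface, routing and configuration-change events; neither source alone gives the full audit picture.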
