Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Tracking the executed commands

We are using Microsoft IAS Radius server for authentication to a large number of Cisco routers in our organization. Is it possible to log the commands that are entered on routers (Whether console or telnet session) for audit purposes? If so, is there a document on how to do implement it?

7 REPLIES
New Member

Re: Tracking the executed commands

Hi,

That is very much possible but I am not sure if IAS logging supports it. Here are the commands we need to configure on IOS devcie.

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+/Radius

aaa accounting commands 1 default start-stop group tacacs+/Radius

aaa accounting commands 15 default start-stop group tacacs+/Radius

HTH

Parminder

Re: Tracking the executed commands

Unfortunately its not possible using IAS, as it only supports Radius protocol.

And you are looking for is covered under TACACS+ protocol (Cisco ACS)

Regards,

Prem

New Member

Re: Tracking the executed commands

Hi,

My apologies for the incorrect information, I recreated this issue and Prem is correct, we cannot configure radius accounting for the commands. Tacacs is the only option available for the command accounting.

Thanks

Parminder

Re: Tracking the executed commands

Hall of Fame Super Gold

Re: Tracking the executed commands

Collin

This is a very neat feature that I was not aware of. I believe it deserves the 5 rating that I gave it.

HTH

Rick

Re: Tracking the executed commands

Indeed a very good feature.

rated :-)

Narayan

Cisco Employee

Re: Tracking the executed commands

The link no longer seems to be valid. What is the neat/good feature that you guys are talking about ??

Thank you for rating helpful posts!
206
Views
15
Helpful
7
Replies
CreatePlease to create content