Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

aaa accounting command

Hi,

I am having a problem getting the aaa acccount command to actually send any information to the my two ACS 4.1 servers. The servers are showing logs for Tacacs accounting but not tacacs Administration, so i am unable to see what commands my technicians are performing on the device.

Any thoughts.

Miron

9 REPLIES

Re: aaa accounting command

HI

Have u enable accounting for all the commands.Can u paste the config of aaa.

i think the command should be like this

aaa accounting commands 0 15 deafult start-stop group tacacs+

Thanks

Mahmood

New Member

Re: aaa accounting command

Mahmood,

These are the commands I currently have and they worked in the past. These are the same commands as on my 3750, 4500, 6500 etc.

The Group AccountingTAC is defined with two servers, which are doing the authentication successfully.

aaa accounting exec default start-stop group AccountingTAC

aaa accounting commands 0 default start-stop group AccountingTAC

aaa accounting commands 1 default start-stop group AccountingTAC

aaa accounting commands 2 default start-stop group AccountingTAC

aaa accounting commands 3 default start-stop group AccountingTAC

aaa accounting commands 4 default start-stop group AccountingTAC

aaa accounting commands 5 default start-stop group AccountingTAC

aaa accounting commands 6 default start-stop group AccountingTAC

aaa accounting commands 7 default start-stop group AccountingTAC

aaa accounting commands 8 default start-stop group AccountingTAC

aaa accounting commands 9 default start-stop group AccountingTAC

aaa accounting commands 10 default start-stop group AccountingTAC

aaa accounting commands 11 default start-stop group AccountingTAC

aaa accounting commands 12 default start-stop group AccountingTAC

aaa accounting commands 13 default start-stop group AccountingTAC

aaa accounting commands 14 default start-stop group AccountingTAC

aaa accounting commands 15 default start-stop group AccountingTAC

Hall of Fame Super Silver

Re: aaa accounting command

Miron

Would I be correct in assuming that you were running on an older version of ACS, the accounting/administration logs worked, and then you upgraded to 4.1 and the administration logs stopped working? We ran into that situation at a customer site and discovered that it is a problem in the 4.1 version and that Cisco has a patch for this issue. We installed the patch and the administration reports are now working fine.

HTH

Rick

Re: aaa accounting command

Hi Rick is right,

This is a known issue, you need to apply patch ACS 4.1.1.23.5 to fix the issue.

Patch for appliance is availble on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

Patch name : ACS SE 4.1.1.23.5 accumulative patch

Patch for acs windows is availble on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name : ACS 4.1.1.23.5 accumulative patch

HTH, rate if it does

Narayan

Re: aaa accounting command

Hi Miron,

This is a known issue with acs running on 4.1.23 that it will not log tacacs admin logs. You need to apply patch for this.

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K15512731

Hope that helps !

Regards,

~JG

New Member

Re: aaa accounting command

Thanks for your help everyone, I applied the patch however now my Services will not start on the engine, out of the pan into the fire:-D, tried to do a rollback command and restart the servers but still does not start them.

Re: aaa accounting command

Hi,

I would suggest you to reimage the appliance using recovery CD that you received with appliance and apply the patch again.

Regards,

New Member

Re: aaa accounting command

Hi,

I did that this morning, except havent applied the patches to the two servers.

Will apply the patch on the backup , and see if it fails again.

Miron

New Member

Re: aaa accounting command

Hi

I too applied the Patch and faced with same issue

Had to restore ACS backup

And the problem still persists

Cant see administration logs

any suggestions

296
Views
0
Helpful
9
Replies
CreatePlease to create content