You can do accounting and send the output to a RADIUS server as well.
Edison is right that the traditional solution for this was AAA accounting. Cisco has introduced a new feature which gives you the ability to track config changes to syslog rather than using aaa accounting. This link provides information about this new capability:
I have not yet tested it but it sounds exactly like what you want.
Somehow that feature escaped and I've used it many times in different implementations. That's definitely the solution the OP is after. I'm rating your post accordingly.
I am glad that you are familiar with this. It sounds very good but I have not yet had occasion to use it.
Thanks for the rating.
I am trying to configure this, however it does not seem to be sending the messages to the syslog server. Can you post me the relevant part of a working config? Thanks,
Sorry, that's when you need AAA.
If you have a RADIUS server, you can configure accounting by pointing to that server. No need to purchase a TACACS+ server.
But where does it store the messages? I do have AAA configured via MS IAS, works great. I looked over the document you linked in the first reply and it didn't seem to say where it logged the messages.
Let's see what you have configured thus far regarding AAA.
Please include the radius information as well.
Are you authenticating and receiving authorization via RADIUS?
Here is my AAA config:
aaa group server radius srv006
server xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
aaa authentication login default group (groupname) local
aaa authentication login console line
aaa authorization exec default group (groupname) if-authenticated
aaa session-id common
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server deadtime 1
radius-server key (rad key)
radius-server vsa send authentication
You have AAA configured for authentication and authorization but not for accounting. Add this to your config:
aaa accounting commands 15 default start-stop group (groupname)
This should get you all the privilege level commands that are entered.
That is fine and dandy. What I don't understand is where does it log the messages on the AAA server? What I am trying to obtain is every time someone does something on a network device I see it on my monitoring system monitor automatically, in a syslog type format.
My experience with AAA accounting is with an ACS server. In the ACS server there is a report heading where the accounting records are displayed. Assuming that your RADIUS server is not an ACS server I am not sure where the accounting records are logged.
Yeah, well I will work with what y'all have given me and see what I can come up with. I will rate the post accordingly Monday. Thank both of you for your enduring help!
Add these accounting commands as well and check:
aaa accounting exec default start-stop group radius
aaa accounting commands 1 default start-stop group radius
aaa accounting commands 15 default start-stop group radius
This does not work for RADIUS, but yet we have the command available; the msg shows that it can only be for TACACS. How can we get it?
PE2(config)#aaa accounting commands 15 default start-stop group TESTR
10w1d: %AAAA-4-SERVNOTACPLUS: The server-group "TESTR" is not a tacacs+ server group. Please define "TESTR" as a tacacs+ server group.
Also, Cisco documentation:
Cisco's implementation of RADIUS does not support command accounting.
How can we do that? Any ideas?
Try without using the group name and please enter the commands as Narayan illustrated.
The link you posted is from 11.3 IOS release. That's very old information and it's no longer true.
Please follow the link I posted at the beginning of this thread.
It has the most recent information regarding AAA Accounting configuration.
BTW, what IOS release are you running?
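
For the goal stated in the thread (every configuration command showing up on a monitoring system in syslog form), this added example, which is not from any poster, parses the messages a device emits when configuration change logging notifies syslog, and flags changes that weaken logging or access control. It assumes the feature mentioned early in the thread is IOS Configuration Change Notification and Logging with the %PARSER-5-CFGLOG_LOGGEDCMD message format; the sample lines, addresses, user names and watch list are constructed.

```python
import re

# Assumed device-side setup (IOS Configuration Change Notification and Logging):
#   archive
#    log config
#     logging enable
#     notify syslog
#     hidekeys
#   logging host 192.0.2.10      (constructed collector address)
# With "notify syslog", each configuration command is sent as a
# %PARSER-5-CFGLOG_LOGGEDCMD message; "hidekeys" keeps passwords out of it.
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s+User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watch list: commands that reduce visibility or change access.
SENSITIVE = re.compile(
    r"^(no\s+(logging|aaa|archive)\b|username\s|enable\s+(secret|password)\b)", re.I
)

def parse_line(line):
    """Return {'user', 'command', 'sensitive'} for a config-change line, else None."""
    m = CFGLOG.search(line.rstrip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    return {"user": m.group("user"), "command": cmd,
            "sensitive": bool(SENSITIVE.search(cmd))}

def audit(lines):
    """Keep only config-change events, in arrival order."""
    return [event for event in map(parse_line, lines) if event]

# Constructed sample of what a syslog collector might receive.
SAMPLE = [
    "<189>45: *Mar  1 00:12:31.003: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:interface FastEthernet0/1",
    "<189>46: *Mar  1 00:12:40.120: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:shutdown",
    "<189>47: *Mar  1 00:13:02.551: %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (192.0.2.55)",
    "<189>48: *Mar  1 00:20:11.900: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no logging host 192.0.2.10",
]

if __name__ == "__main__":
    for event in audit(SAMPLE):
        flag = "ALERT" if event["sensitive"] else "info"
        print(f"{flag:5} {event['user']:8} {event['command']}")
```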