AAA Accounting

mbarros
Level 1

Hi,

I have tested AAA accounting with a router / ACS (CSNT) and can't configure them to register each command executed by the user logged in the console.

I used these commands:

aaa new-model

aaa authentication login default group tacacs+ line

aaa accounting exec AuditConsole start-stop group tacacs+

The only records I can see at the ACS are start and stop, bytes transferred, etc. references.

To record each command executed, for audit purpose, do I have to use "aaa accounting commands [level] default start-stop group tacacs+" and specify the commands for a specific level before?

Is recording user activity by AAA the better way to do this, or can I do this efficiently using Syslog?

Tks,

2 Replies

pgolding
Level 1

You need command accounting to do this. You will need one "aaa accounting" command for each privilege level you wish to monitor. You do not need start-stop for command accounting; stop-only records will log all activity.

This can't be done with syslog.
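
The command-accounting setup described in the reply above, as an added example that is not part of the original thread. It keeps the poster's AuditConsole list name and console line, and assumes the TACACS+ server is already defined on the router and that levels 1 and 15 are the ones to audit.

```cisco
! Added example: IOS command accounting to TACACS+.
aaa new-model
aaa authentication login default group tacacs+ line
!
! EXEC accounting alone yields only session start/stop records,
! which is what the original post observed on the ACS.
aaa accounting exec AuditConsole start-stop group tacacs+
!
! Command accounting: one statement per privilege level to be audited.
! Levels 1 and 15 are chosen here as an assumption (user EXEC and
! privileged EXEC); add a statement for any other level in use.
aaa accounting commands 1 AuditConsole stop-only group tacacs+
aaa accounting commands 15 AuditConsole stop-only group tacacs+
!
! A named method list takes effect only on the lines it is applied to.
line con 0
 accounting exec AuditConsole
 accounting commands 1 AuditConsole
 accounting commands 15 AuditConsole
```

With a named list such as AuditConsole, lines that do not carry the `accounting` statements (for example the vty lines) fall back to the `default` list, so sessions on them produce no records unless a default list is also defined.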

Thank you for your answer.

You wrote: "you will need one "aaa accounting" command for each privilege level"

Does this mean that I have to use the command "privilege exec 'level' 'command'" beforehand to specify all the commands I want to audit, or is there a "default" privilege for the commands?