AAA Accounting

mbarros
Level 1

Hi,

I have tested AAA accounting with a router / ACS (CSNT) and can't configure them to register each command executed by the user logged in the console.

I used these commands:

aaa new-model

aaa authentication login default group tacacs+ line

aaa accounting exec AuditConsole start-stop group tacacs+

The only registers I can see at the ACS are start and stop, bytes transferred, etc. references.

To record each command executed, for audit purposes, do I have to use "aaa accounting commands [level] default start-stop group tacacs+" and specify the commands for a specific level before?

Is recording user activity by AAA the better way to do this, or can I do this efficiently using Syslog?

Tks,

2 Replies

pgolding
Level 1

You need command accounting to do this. You will need one "aaa accounting" command for each privilege level you wish to monitor. You do not need start-stop for command accounting; stop-only records will log all activity.

This can't be done with syslog.

Thank you for your answer.

You wrote: "you will need one "aaa accounting" command for each privilege level"

Does this mean that I have to use the command "privilege exec 'level' 'command'" beforehand to specify all the commands I want to audit, or is there a "default" privilege for the commands?
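
The configuration pgolding's answer describes, written out as an added example that is not part of the original thread: it keeps the poster's AuditConsole list name and adds one stop-only command accounting list per privilege level. It assumes a TACACS+ server is already defined on the router, that the console is line con 0, and that commands are left at their default privilege levels, where most sit at level 1 or level 15.

```cisco
! Added example, not from the thread.
! Assumptions: TACACS+ server already configured and reachable;
! console is "line con 0"; commands keep their default privilege levels.
aaa new-model
aaa authentication login default group tacacs+ line
!
! Session records only (start/stop, bytes), as in the original post
aaa accounting exec AuditConsole start-stop group tacacs+
!
! Command accounting: one method list per privilege level to be audited.
! stop-only sends a single record per command executed.
aaa accounting commands 1 AuditConsole stop-only group tacacs+
aaa accounting commands 15 AuditConsole stop-only group tacacs+
!
! A named method list has no effect until it is applied to a line.
line con 0
 accounting exec AuditConsole
 accounting commands 1 AuditConsole
 accounting commands 15 AuditConsole
```

If commands are later moved to another level with "privilege exec", that level needs its own "aaa accounting commands" list applied to the line as well.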
