Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA Accounting

Hi,

I have tested AAA accounting with a router / ACS (CSNT) and can't configure them to register each command executed by the user logged inthe console.

I used these commands:

aaa new-model

aaa authentication login default group tacacs+ line

aaa accounting exec AuditConsole start-stop group tacacs+

The only registers I can see at the ACS are start and stop, bytes transfered etc references.

To record each command executed, for audit purpose, do I have to use "aaa accounting commands [level] default start-stop group tacacs+" and specify the commands for a specific level before?

Record user activity by AAA is the better way to do this or I can make this efficiently using Syslog?

Tks,

2 REPLIES
New Member

Re: AAA Accounting

you need command accounting to do this. you will need one "aaa accounting" command for each privilege level you wish to monitor. you do not need start-stop for command accounting, stop only records will log all activity.

this cant be done with syslog.

New Member

Re: AAA Accounting

Thank you for your answer.

You wrote: ". you will need one "aaa accounting" command for each privilege level "

This mean that I have to use the command "privilege exec 'level' 'command'" before to specify all commands I want audit or that is a "default"privilege for the commands?

215
Views
0
Helpful
2
Replies
CreatePlease to create content