07-21-2006 01:14 PM - edited 02-21-2020 10:16 AM
Hi guys,
What command can I use to turn on command accounting in PIX, like it is possible in the IOS?
I need every command typed to be logged on the ACS server.
07-21-2006 01:49 PM
Command accounting can be configured ONLY in PIX v7.x. Also, it looks like only non-show commands will be sent.
Per the command reference:
To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode.
aaa accounting command
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/a1_711.htm#wp1428200
For version 6.x,
Authentication and Command Authorization for PIX 6.2
http://www.cisco.com/warp/public/110/pix_command.shtml#accounting
There is no actual command accounting available, but by having syslog activated on the PIX, you can see what actions were performed, as shown in this example:
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
611103: User logged out: Uname: pixtest
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
502103: User priv level changed: Uname: pixtest From: 1 To: 15
111008: User 'pixtest' executed the 'enable' command.
111007: Begin configuration: 172.18.124.111 reading from terminal
111008: User 'pixtest' executed the 'configure t' command.
111008: User 'pixtest' executed the 'write t' command.
Hope this helps! If so, please rate.
Thanks
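Added example, not part of the original replies or Cisco's documentation: since PIX 6.x only offers syslog, the Python below rebuilds a per-login command trail from the message IDs shown in the sample above (307002, 111006, 502103, 111008, 611103). The field layouts are inferred from those sample lines only; the optional `%PIX-<level>-` prefix and the name `build_sessions` are assumptions.

```python
import re

# Sample input: the syslog lines quoted in the answer above.
SAMPLE = """\
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
611103: User logged out: Uname: pixtest
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
502103: User priv level changed: Uname: pixtest From: 1 To: 15
111008: User 'pixtest' executed the 'enable' command.
111007: Begin configuration: 172.18.124.111 reading from terminal
111008: User 'pixtest' executed the 'configure t' command.
111008: User 'pixtest' executed the 'write t' command.
"""

# Assumption: lines may carry a "%PIX-<level>-" prefix before the message ID.
LINE = re.compile(r"(?:%PIX-\d-)?(\d{6}): (.*)")
PATTERNS = {
    "307002": re.compile(r"Permitted Telnet login session from (\S+)"),
    "111006": re.compile(r"Console Login from (\S+) at"),
    "502103": re.compile(r"Uname: (\S+) From: (\d+) To: (\d+)"),
    "111008": re.compile(r"User '([^']*)' executed the '(.*)' command\."),
    "611103": re.compile(r"User logged out: Uname: (\S+)"),
}

def build_sessions(text):
    """Group messages into per-login sessions; a session with no logout stays open."""
    sessions, current, pending_ip = [], None, None
    for raw in text.splitlines():
        m = LINE.search(raw)
        f = PATTERNS[m.group(1)].search(m.group(2)) if m and m.group(1) in PATTERNS else None
        if not f:
            continue  # unparsed line or a message ID this example does not track
        msg_id = m.group(1)
        if msg_id == "307002":
            pending_ip = f.group(1)  # source address, attached to the next login
        elif msg_id == "111006":
            current = {"user": f.group(1), "src": pending_ip, "priv": [], "commands": [], "closed": False}
            sessions.append(current)
            pending_ip = None
        elif current and f.group(1) == current["user"]:
            if msg_id == "502103":
                current["priv"].append((int(f.group(2)), int(f.group(3))))
            elif msg_id == "111008":
                current["commands"].append(f.group(2))
            elif msg_id == "611103":
                current["closed"] = True
                current = None
    return sessions
```

Calling `build_sessions(SAMPLE)` yields two sessions for `pixtest`; the second has no logout message and is reported with `closed` set to `False`, which is worth flagging when reviewing who changed the configuration.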
07-22-2006 03:49 AM
Hi,
You were very helpful with that response.
THANKS!!!!!!