Re: AAA command accounting using pix

akin_lopez · ‎07-21-2006

Hi guys,

what command can i use to turn on command accounting in pix like it is possible in the IOS.

i need every command typed to be logged on the ACS server.

hemendoz · ‎07-21-2006

Command accounting can be configured ONLY in PIX v7.x. Also, it looks like that only non-show commands will be sent.

Per the command reference

To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode.

aaa accounting command

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/a1_711.htm#wp1428200

For version 6.x,

Authentication and Command Authorization for PIX 6.2

http://www.cisco.com/warp/public/110/pix_command.shtml#accounting

There is no actual command accounting available, but by having syslog activated on the PIX, you can see what actions were performed, as shown in this example:

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

611103: User logged out: Uname: pixtest

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

502103: User priv level changed: Uname: pixtest From: 1 To: 15

111008: User 'pixtest' executed the 'enable' command.

111007: Begin configuration: 172.18.124.111 reading from terminal

111008: User 'pixtest' executed the 'configure t' command.

111008: User 'pixtest' executed the 'write t' command.

Hope this helps! If so, please rate.

Thanks

akin_lopez · ‎07-22-2006

Hi,

you were very helpful with that response.

THANKS!!!!!!