06-16-2007 02:03 AM - edited 03-03-2019 05:28 PM
Hi all,
I have enabled tacacs-server on a Cisco router and accounting is configured, but we noticed that configuration done in interface mode is not logged.
The Cisco configuration is attached; let me know your feedback.
regards,
Mohamed
06-16-2007 02:59 AM
Hi
I think the command should be like this.
aaa accounting commands 15 default start-stop group tacacs+
Thanks
Mahmood
06-16-2007 04:00 AM
Hi Mahmood,
I have done it but still it's not recording commands issued at the interface level.
Commands issued at config/privilege modes are being recorded perfectly.
Any suggestions will be appreciated.
Regards,
Mohamed
06-16-2007 11:42 AM
Hi All,
Does anyone have an idea how to get past this issue? It would be appreciated.
Best Regards,
06-17-2007 12:08 AM
Friend,
You need to look at the "Tacacs administration" link on the Cisco ACS server for accounting logs. I do not know for what reason it does not show in the accounting logs.
Here is the configuration I used, and I am able to see all the configuration changes under the Tacacs administration page:
!
aaa new-model
aaa authentication login ABCD group tacacs+ local
aaa authorization exec ABCD group tacacs+ local
aaa authorization console
aaa authorization config-commands
aaa authorization configuration ABCD group tacacs+ local
aaa authorization commands 10 ABCD group tacacs+ local
aaa authorization commands 15 ABCD group tacacs+ local
aaa accounting exec ABCD start-stop group tacacs+
aaa accounting commands 1 ABCD start-stop group tacacs+
aaa accounting commands 15 ABCD start-stop group tacacs+
!
!
tacacs-server host 172.16.100.19 key XXXXX
!
line vty 0 15
 exec-timeout 5 0
 privilege level 15
 authorization commands 15 ABCD
 authorization commands 1 ABCD
 authorization exec ABCD
 accounting connection ABCD
 accounting commands 1 ABCD
 accounting commands 15 ABCD
 accounting exec ABCD
 login authentication ABCD
HTH, rate if it does
Narayan
06-17-2007 01:31 AM
Hi Narayan,
When you applied the same config, are you able to see accounting logs for interface level?
Now it's able to record all config done at privilege/config modes but only can't log changes done at interface level!!
Please confirm the above.
I would also like to add that I am configuring a (default) keyword instead of ABCD. This shouldn't affect anything, am I right?
Awaiting your feedback.
Best Regards,
06-17-2007 02:12 AM
Yes my friend,
I am able to see all the logs under the interface level as well (attached reference logs).
The fact that you use a default group (not key) whereas I use ABCD should not matter.
Try configuring one device according to what I posted and let me know.
HTH, rate if it does
Narayan
06-17-2007 04:15 AM
Mohamed
While there are some details of your config that might need clarification or improvement (for example your commands specify group TS but I do not see any definition of a group TS), if you say that some level 15 commands are being logged properly then I assume that the details of the config must be working ok.
I am puzzled about why interface commands are not being written to the accounting records. Your configuration of:
aaa accounting commands 15 default stop-only group TS
is similar to the way that I configure routers. I generally use start-stop where you are using stop-only. I would not expect this to cause the issue that you are seeing but it would be worth trying to see if it is any different if you specify start-stop instead of stop-only.
If that does not make any difference then I wonder if you are encountering a bug in the version of code that you are running. Can you give us the specifics of the code version that you are running? When I configure accounting for level 15 commands I see interface commands in the accounting records, so in general I believe that it works. So it might be worth trying a newer version of code and seeing if the behavior changes.
HTH
Rick
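An added example, not part of any post in this thread: a small Python check for two points the replies raise, that every named server group in an `aaa` method list is defined (the note about group TS) and that every accounting list applied under a `line` has a matching `aaa accounting` definition, plus a check that a level 15 command accounting list exists. The function name `audit_aaa` is hypothetical and the sample configuration is constructed for illustration.

```python
import re

BUILTIN_GROUPS = {"tacacs+", "radius"}  # usable without "aaa group server"
GROUP_DEF = re.compile(r"aaa group server \S+ (\S+)")
ACCT_DEF = re.compile(r"aaa accounting (\S+)(?: (\d+))? (\S+) (?:start-stop|stop-only|none)\b")
ACCT_REF = re.compile(r"accounting (\S+)(?: (\d+))? (\S+)$")

# Constructed sample: group TS is never defined, list ABCD is applied but not defined.
SAMPLE = """\
aaa new-model
aaa accounting exec default start-stop group TS
aaa accounting commands 15 default stop-only group TS
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
line vty 0 4
 accounting commands 1 ABCD
 accounting commands 15 default
"""

def audit_aaa(config):
    """Return a list of findings for a Cisco IOS AAA accounting configuration."""
    groups_defined, groups_used = set(), []
    lists_defined, lists_applied = set(), []
    context = None  # most recent "line ..." header; indentation is not required
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            context = text
        elif (m := GROUP_DEF.match(text)):
            groups_defined.add(m.group(1))
        elif text.startswith("aaa "):
            groups_used += [(g, text) for g in re.findall(r"\bgroup (\S+)", text)]
            if (m := ACCT_DEF.match(text)):
                lists_defined.add(m.groups())  # (type, level or None, list name)
        elif context and (m := ACCT_REF.match(text)):
            lists_applied.append((m.groups(), context))
    findings = []
    for name, text in groups_used:
        if name not in BUILTIN_GROUPS and name not in groups_defined:
            findings.append(f"undefined server group {name!r} in: {text}")
    for key, where in lists_applied:
        if key not in lists_defined:
            ref = " ".join(part for part in key if part)
            findings.append(f"{where}: 'accounting {ref}' has no matching aaa accounting list")
    if not any(k[0] == "commands" and k[1] == "15" for k in lists_defined):
        findings.append("no 'aaa accounting commands 15' list is defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE)))
```

Run it against the output of `show running-config` saved to a file; an empty result means the accounting lists and server groups are at least internally consistent, which narrows the remaining suspects to the server side or the software version.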