Hi All,<br><br>Turns out IOS wasn't broken after all. It appears that IOS sees a ping command as a priv-lvl 3 command and I didn't have priv-lvl 3 configured for accounting.<br><br>aaa accounting commands 3 default start-stop group tacacs+<br>
<br>A 'debug aaa accounting' helped me figure out that ping command is a priv-lvl 3 command.<br><br>Dec 2 13:56:29 AEDT: AAA/MEMORY: create_user (0x66146308) user='user1' ruser='myrouter' ds0=0 port='tty2' rem_addr='210.15.210.x' authen_type=ASCII service=NONE priv=3 initial_task_id='0', vrf= (id=0)<br>
<br>Once I added priv-lvl 3 commands to aaa accounting, it showed up in the logs now.<br><br>Wed Dec 2 13:55:58 2009 203.17.101.y user1 tty2 210.15.210.x stop task_id=42 timezone=AEDT service=shell start_time=1259722589 priv-lvl=3 cmd=ping 210.15.254.x <cr><br>
<br>Just a caveat with this, ping is priv-lvl3 on the two IOS I tested, but traceroute showed up as priv-lvl3 using 122-31.SB13 and privi-lvl15 using 124-24.T1. That's Cisco for you with their priv-lvl's...<br><br>
Glad to finally get to the bottom of this.<br><br>Cheers.<br><br>Andy<br><br><div class="gmail_quote">On Fri, Nov 27, 2009 at 5:19 PM, john heasley <span dir="ltr"><<a href="mailto:heas@shrubbery.net">heas@shrubbery.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Thu, Nov 26, 2009 at 11:45:07AM +1100, Andy Saykao:<br>
<div class="im">> Hi All,<br>
><br>
> I've set up a hdtest user that can run privilege commands by using<br>
> privilege-level 3 and going into "enable 3". Whilst the user can run the<br>
> privilege commands like ping and traceroute, I am not seeing these commands<br>
> appear in the accounting logs for this user.<br>
><br>
> It looks like the command 'ping' does not appear anywhere in the log even<br>
> when I use a privilege-level 15 user, so I can only assume that this is the<br>
> desired behaviour. But with traceroute, I see it appearing in the logs for a<br>
> privilege-level 15 user but not for a privilege-level 3 user? Any ideas why<br>
> this is so or how to see it in the log for a privilege-level 3 user?<br>
<br>
</div>that'd seem a clear indication that your ios is broken.<br>
</blockquote></div><br>