Hello <div><br></div><div>I have a problem with command authorization on tac_plus.</div><div>I see cmd commands in the tac_plus log file, but I also want to see the cmd-arg commands. I tried many ways, but I failed.</div><div>Could you explain whether tac_plus can log the cmd-arg parameters? The Cisco router says that I send authorization messages for all commands, but tac_plus does not log the cmd-arg messages.</div>
<div><br></div><div>Cisco debug output says:</div><div><br></div><div><div><div>AAA/AUTHOR (0): user='servet'</div><div>AAA/AUTHOR (0): send AV service=shell</div><div>AAA/AUTHOR (0): send AV cmd=ip</div><div>AAA/AUTHOR (0): send AV cmd-arg=ospf</div>
<div>AAA/AUTHOR (0): send AV cmd-arg=cost</div><div>AAA/AUTHOR (0): send AV cmd-arg=10000</div><div>AAA/AUTHOR (0): send AV cmd-arg=<cr></div><div>AAA/AUTHOR (226099858): Method=TACACS+</div><div>AAA/AUTHOR/TAC+ (226099858): user=servet</div>
<div>AAA/AUTHOR/TAC+ (226099858): send AV service=shell</div><div>AAA/AUTHOR/TAC+ (226099858): send AV cmd=ip</div><div>AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=ospf</div><div>AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=cost</div>
<div>AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=10000</div><div>AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=<cr>end</div><div>AAA/AUTHOR (226099858): Post authorization status = PASS_ADD</div><div>AAA/AUTHOR (0): user='servet'</div>
<div>AAA/AUTHOR (0): send AV service=shell</div><div>AAA/AUTHOR (0): send AV cmd=end</div><div>AAA/AUTHOR (0): send AV cmd-arg=<cr></div><div>AAA/AUTHOR (475071597): Method=TACACS+</div><div>AAA/AUTHOR/TAC+ (475071597): user=servet</div>
<div>AAA/AUTHOR/TAC+ (475071597): send AV service=shell</div><div>AAA/AUTHOR/TAC+ (475071597): send AV cmd=end</div><div>AAA/AUTHOR/TAC+ (475071597): send AV cmd-arg=<cr></div><div>AAA/AUTHOR (475071597): Post authorization status = PASS_ADD</div>
<div>%SYS-5-CONFIG_I: Configured from console by vty0 (212.58.13.41)</div></div></div><div><br></div><div><br></div><div><br></div><div>tac_plus log file says:</div><div><div><br></div><div>Fri Nov 18 19:04:11 2011 [59820]: connect from 1.1.1.1 [1.1.1.1]</div>
<div>Fri Nov 18 19:04:11 2011 [59820]: Start authorization request</div><div>Fri Nov 18 19:04:11 2011 [59820]: do_author: user='servet'</div><div>Fri Nov 18 19:04:11 2011 [59820]: user 'servet' found</div>
<div>Fri Nov 18 19:04:11 2011 [59820]: authorize_cmd: user=servet, cmd=configure</div><div>Fri Nov 18 19:04:11 2011 [59820]: cmd configure does not exist, permitted by default</div><div>Fri Nov 18 19:04:11 2011 [59820]: authorization query for 'servet' tty18 from 1.1.1.1 accepted</div>
<div>Fri Nov 18 19:04:14 2011 [59821]: connect from 1.1.1.1 [1.1.1.1]</div><div>Fri Nov 18 19:04:14 2011 [59821]: Start authorization request</div><div>Fri Nov 18 19:04:14 2011 [59821]: do_author: user='servet'</div>
<div>Fri Nov 18 19:04:14 2011 [59821]: user 'servet' found</div><div>Fri Nov 18 19:04:14 2011 [59821]: authorize_cmd: user=servet, cmd=interface</div><div>Fri Nov 18 19:04:14 2011 [59821]: cmd interface does not exist, permitted by default</div>
<div>Fri Nov 18 19:04:14 2011 [59821]: authorization query for 'servet' tty18 from 1.1.1.1 accepted</div><div>Fri Nov 18 19:04:22 2011 [59822]: connect from 1.1.1.1 [1.1.1.1]</div><div>Fri Nov 18 19:04:22 2011 [59822]: Start authorization request</div>
<div>Fri Nov 18 19:04:22 2011 [59822]: do_author: user='servet'</div><div>Fri Nov 18 19:04:22 2011 [59822]: user 'servet' found</div><div>Fri Nov 18 19:04:22 2011 [59822]: authorize_cmd: user=servet, cmd=ip</div>
<div>Fri Nov 18 19:04:22 2011 [59822]: cmd ip does not exist, permitted by default</div><div>Fri Nov 18 19:04:22 2011 [59822]: authorization query for 'servet' tty18 from 1.1.1.1 accepted</div><div>Fri Nov 18 19:04:23 2011 [59823]: connect from 1.1.1.1 [1.1.1.1]</div>
<div>Fri Nov 18 19:04:23 2011 [59823]: Start authorization request</div><div>Fri Nov 18 19:04:23 2011 [59823]: do_author: user='servet'</div><div>Fri Nov 18 19:04:23 2011 [59823]: user 'servet' found</div>
<div>Fri Nov 18 19:04:23 2011 [59823]: authorize_cmd: user=servet, cmd=end</div><div>Fri Nov 18 19:04:23 2011 [59823]: cmd end does not exist, permitted by default</div><div>Fri Nov 18 19:04:23 2011 [59823]: authorization query for 'servet' tty18 from 1.1.1.1 accepted</div>
</div>
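<div><br></div><div>An added example, not part of the original post and not tac_plus or Cisco code: a small parser that groups the router's AAA/AUTHOR debug lines by request id and rebuilds the full command line (cmd plus cmd-arg values) that was sent for authorization, so it can be compared with what the server logged. The function name and the sample text are constructed for illustration from the debug format quoted above.</div>

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the router debug lines quoted in the post.
SAMPLE_DEBUG = """\
AAA/AUTHOR/TAC+ (226099858): user=servet
AAA/AUTHOR/TAC+ (226099858): send AV service=shell
AAA/AUTHOR/TAC+ (226099858): send AV cmd=ip
AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=ospf
AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=cost
AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=10000
AAA/AUTHOR/TAC+ (226099858): send AV cmd-arg=<cr>
AAA/AUTHOR (226099858): Post authorization status = PASS_ADD
AAA/AUTHOR/TAC+ (475071597): user=servet
AAA/AUTHOR/TAC+ (475071597): send AV service=shell
AAA/AUTHOR/TAC+ (475071597): send AV cmd=end
AAA/AUTHOR/TAC+ (475071597): send AV cmd-arg=<cr>
AAA/AUTHOR (475071597): Post authorization status = PASS_ADD
"""

# Matches both "AAA/AUTHOR (id): ..." and "AAA/AUTHOR/TAC+ (id): ..." lines.
LINE = re.compile(r"^AAA/AUTHOR(?:/TAC\+)? \((\d+)\): (.*)$")

def reconstruct_commands(debug_text):
    """Group AV pairs by request id and rebuild each command line sent for authorization."""
    requests = OrderedDict()
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        # In the quoted output, id 0 lines repeat the same AV pairs; skip them.
        if not m or m.group(1) == "0":
            continue
        req = requests.setdefault(m.group(1), {"user": None, "words": [], "status": None})
        body = m.group(2)
        if body.startswith("user="):
            req["user"] = body[len("user="):].strip("'")
        elif body.startswith("send AV cmd="):
            req["words"].insert(0, body[len("send AV cmd="):])
        elif body.startswith("send AV cmd-arg="):
            arg = body[len("send AV cmd-arg="):]
            if not arg.startswith("<cr>"):  # <cr> marks the end of the command line
                req["words"].append(arg)
        elif body.startswith("Post authorization status = "):
            req["status"] = body.split("= ", 1)[1]
    return [(rid, r["user"], " ".join(r["words"]), r["status"]) for rid, r in requests.items()]

if __name__ == "__main__":
    for row in reconstruct_commands(SAMPLE_DEBUG):
        print(row)
```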