[tac_plus] cmd-arg command authorization logging
Servet Erkun
servet.erkun at gmail.com
Sat Nov 19 12:36:19 UTC 2011
Hi Folks
I could not understand what do you mean exactly? There is no problem about
accounting, Accounting is working i can see accounting start-stop messages
in tac_plus accounting log.
I see these logs on tac_plus log file, this means cisco router
sends command authorization messages to tacacs and tacacs logged it. But
tac_plus does not log all command authorization messaages , for example
cisco sends "AAA/AUTHOR/TAC+ (226099858): send AV cmd=ip" message,
and tac_plus logs that "Fri Nov 18 19:04:22 2011 [59822]:
authorize_cmd: user=servet, cmd=ip"
But cisco also sends "AAA/AUTHOR/TAC+ (226099858): send AV
cmd-arg=ospf" but tac_plus can not log that message,
I want to record all command authorization messages including "cmd-arg" .
Not only "cmd" authorization messages,
Servet
On Sat, Nov 19, 2011 at 00:36, john heasley <heas at shrubbery.net> wrote:
> Fri, Nov 18, 2011 at 07:00:03PM +0200, Servet Erkun:
> > Hello
> >
> > I have a problem about author?zation commands on tac_plus
> > I see cmd commands in tac_plus log file but i also want to see cmd-arg
> > command, i tried many ways , but i failed.
> > Could you explain that tac_plus can log the cmd-arg parameters? Cisco
> > router says that i send all commands authorization messages, but tac_plus
> > not log cmd-arg messages.
>
> you can use tacacs command accounting on the device.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20111119/14364bc1/attachment.html>
More information about the tac_plus
mailing list