From alan.mckinnon at gmail.com Thu Nov 1 00:19:20 2012 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Thu, 1 Nov 2012 02:19:20 +0200 Subject: [tac_plus] accounting to syslog. tac_plus F4.0.4.19 In-Reply-To: <92436F119105D340B00C0E74C0D5401B04D49ACA@VESTMB402A.tdk.dk> References: <92436F119105D340B00C0E74C0D5401B04D49ACA@VESTMB402A.tdk.dk> Message-ID: <20121101021920.0912422c@khamul.example.com> On Wed, 31 Oct 2012 15:24:35 +0100 "Gert Elnegaard" wrote: > Hi, > > tac_plus version F4.0.4.19 > so sending accounting to syslog should be supported. > > running on FreeBSD 8.3-RELEASE-p4 > > having following config: > > accounting syslog; > accounting file = /var/log/tac_plus.acct > > logging = local6 > > and syslogd.conf > > local6.* /var/log/tac_plus.log > > > accounting logs go OK to /var/log/tac_plus.acct. We have used that for > many years. > > and I see, for example, following types of messages in > /var/log/tac_plus.log: > > Oct 31 14:15:02 login20 tac_plus[23136]: connect from 62.135.173.4 > [62.135.173.4] > > So basic syslog'ing from tac_plus to syslog local6 facility works ok. > but I do not get any accounting records in tac_plus.log > I would like to see command accounting logs in tac_plus.log, similar > to those we see in tac_plus.acct: > > Wed Oct 31 14:18:55 2012 213.236.195.47 nothowan ttyp1 > 195.249.15.10 stop task_id=1 service=shell > elapsed_time=3606 process*mgd[27460] cmd=logout > > Do you have any idea what the problem is? Yes, it essentially does not work. Tac_plus accounting logs are not really in a syslog format, all the syslog headers are not there. Remember that the device sends it's accounting logs to the server so to get them into syslog would require a lot of stripping out of timestamps and mangling of the log, and tac_plus does not know where the headrs end. This is against the spirit of logging. Apache has a similar problem - it's access and error logs don't go to syslog for a good reason - they do not fit into a syslog paradigm. A few versions ago there was a note in the ChangeLog about a config knob that could be tweaked to send accounting to syslog, but like you I never got it to work satisfactorily. What did work eventually was to configure my syslogger to read the acct files directly, apply the priority and facility I chose and send them on to the central syslogger. They are still mangled with two timestamps and two IP fields for each log but perl can be trained to deal with that when reporting. syslog-ng is the only syslogger I tested that lets you configure this in a sane rational way -- Alan McKinnon alan.mckinnon at gmail.com From antonio.ojea.garcia at gmail.com Thu Nov 1 09:49:31 2012 From: antonio.ojea.garcia at gmail.com (Antonio Ojea Garcia) Date: Thu, 1 Nov 2012 10:49:31 +0100 Subject: [tac_plus] accounting to syslog. tac_plus F4.0.4.19 In-Reply-To: <534c300ac26f468f97c32918b54a884d@HUB2-PRO.xunta.local> References: <92436F119105D340B00C0E74C0D5401B04D49ACA@VESTMB402A.tdk.dk> <534c300ac26f468f97c32918b54a884d@HUB2-PRO.xunta.local> Message-ID: I had this problem with accounting on tacacs using syslog. I have solved it using logstash to read the file, modify the records and send them to a central syslog. However, I'm using splunk now, it's easy to search and report on events and if you don't have so much data (500MB a day) it is free. I replaced logstash with splunk light forwarder and it reads the logs and send them to the central splunk server. 2012/11/1 Alan McKinnon > On Wed, 31 Oct 2012 15:24:35 +0100 > "Gert Elnegaard" wrote: > > > Hi, > > > > tac_plus version F4.0.4.19 > > so sending accounting to syslog should be supported. > > > > running on FreeBSD 8.3-RELEASE-p4 > > > > having following config: > > > > accounting syslog; > > accounting file = /var/log/tac_plus.acct > > > > logging = local6 > > > > and syslogd.conf > > > > local6.* /var/log/tac_plus.log > > > > > > accounting logs go OK to /var/log/tac_plus.acct. We have used that for > > many years. > > > > and I see, for example, following types of messages in > > /var/log/tac_plus.log: > > > > Oct 31 14:15:02 login20 tac_plus[23136]: connect from 62.135.173.4 > > [62.135.173.4] > > > > So basic syslog'ing from tac_plus to syslog local6 facility works ok. > > but I do not get any accounting records in tac_plus.log > > I would like to see command accounting logs in tac_plus.log, similar > > to those we see in tac_plus.acct: > > > > Wed Oct 31 14:18:55 2012 213.236.195.47 nothowan ttyp1 > > 195.249.15.10 stop task_id=1 service=shell > > elapsed_time=3606 process*mgd[27460] cmd=logout > > > > Do you have any idea what the problem is? > > Yes, it essentially does not work. > > Tac_plus accounting logs are not really in a syslog format, all the > syslog headers are not there. Remember that the device sends it's > accounting logs to the server so to get them into syslog would require > a lot of stripping out of timestamps and mangling of the log, and > tac_plus does not know where the headrs end. This is against the spirit > of logging. > > Apache has a similar problem - it's access and error logs don't go to > syslog for a good reason - they do not fit into a syslog paradigm. > > A few versions ago there was a note in the ChangeLog about a config > knob that could be tweaked to send accounting to syslog, but like you I > never got it to work satisfactorily. > > What did work eventually was to configure my syslogger to read the > acct files directly, apply the priority and facility I chose and send > them on to the central syslogger. They are still mangled with two > timestamps and two IP fields for each log but perl can be trained to > deal with that when reporting. syslog-ng is the only syslogger I tested > that lets you configure this in a sane rational way > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vetoll at gmail.com Sun Nov 4 14:32:11 2012 From: vetoll at gmail.com (Vetoll) Date: Sun, 4 Nov 2012 16:32:11 +0200 Subject: [tac_plus] HWTACACS with H3C and 3Com Message-ID: Hi, Here is my tac_plus config... How do I modify the privilege level on H3C? user = vetoll { login = PAM member = lab maxsess = 10 } #LAB Group group = lab { default service = permit service = exec { priv-lvl=15 } } This is my debug from the H3C switch... my user just fails to login. *May 2 12:42:22:696 2000 H3C.Linux.Core TAC/7/Event: Create HWTACACS authentication request packet success *May 2 12:42:22:698 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: *May 2 12:42:22:699 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: UserID=50 PacketType=3 AuthenType=1 AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0 UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5 UserMsg= DataMsg= *May 2 12:42:22:741 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: *May 2 12:42:22:743 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: UserID=50 PacketType=3 AuthenType=1 AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0 UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5 UserMsg= DataMsg= *May 2 12:42:22:744 2000 H3C.Linux.Core TAC/7/Event: Successfully found the FIB information for the server (Server IP: 10.200.159.251, VPN index: 0). *May 2 12:42:22:745 2000 H3C.Linux.Core TAC/7/Event: Got nas-ip 10.0.0.3 and VPN 0 of server 10.200.159.251. *May 2 12:42:22:746 2000 H3C.Linux.Core TAC/7/Event: Successfully set socket VPN attribute (VPN index: 0). *May 2 12:42:22:748 2000 H3C.Linux.Core TAC/7/Event: hwtacacs create new session : session id: 24107, user id: 50, server ip: 10.200.159.251 *May 2 12:42:22:749 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REQUEST seq_no:1 flag:ENCRYPTED_FLAG session_id:5e2b length:42 action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII service:AUTHEN_SVC_LOGIN user len:22 port len:4 rem_addr len:8 data len:0 user name:vetoll at lab.test port:vty1 rem_addr:10.0.0.5 data: *May 2 12:42:22:750 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff *May 2 12:42:22:843 2000 H3C.Linux.Core TAC/7/Event: hwtacacs packet sending success! version:c0 type:01 sequence:01 flag:00 session id:24107 length:42 *May 2 12:42:22:844 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0) *May 2 12:42:23:145 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REPLY seq_no:2 flag:ENCRYPTED_FLAG session_id:5e2b length:16 status:AUTHEN_STATUS_GETPASS flag:REPLY_FLAG_NOECHO server_msg len:10 data len:0 server_msg:Password: data: *May 2 12:42:23:146 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x5 *May 2 12:42:23:147 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_CONTINUE seq_no:3 flag:ENCRYPTED_FLAG session_id:5e2b length:15 user_msg len:****** data len:0 flag:0 user_msg:****** data: *May 2 12:42:23:148 2000 H3C.Linux.Core TAC/7/Event: hwtacacs packet sending success! version:c0 type:01 sequence:03 flag:00 session id:24107 length:15 *May 2 12:42:23:150 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff *May 2 12:42:23:151 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0) *May 2 12:42:23:246 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REPLY seq_no:4 flag:ENCRYPTED_FLAG session_id:5e2b length:6 status:AUTHEN_STATUS_FAIL flag:REPLY_FLAG_ECHO server_msg len:0 data len:0 server_msg: data: *May 2 12:42:23:247 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for TAC->AAA: *May 2 12:42:23:249 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for TAC->AAA: ulUserID=50 ucTACTemplateNO=0 ucflag=2 Echo=0 ServerMsg= *May 2 12:42:23:250 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x2 *May 2 12:42:23:251 2000 H3C.Linux.Core TAC/7/Event: hwtacacs session is deleted due to finishing session: session id: 24107, user id: 50, server ip: 10.200.159.251 Thanks!! -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.schmidt at wyo.gov Tue Nov 6 22:42:04 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 6 Nov 2012 15:42:04 -0700 Subject: [tac_plus] HWTACACS with H3C and 3Com In-Reply-To: References: Message-ID: priv_lvl:VISIT? Strange tac_pairs. What tac_pairs do you recieve on tac_plus? -----Original Message----- From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Vetoll Sent: Sunday, November 04, 2012 7:32 AM To: tac_plus at shrubbery.net Subject: [tac_plus] HWTACACS with H3C and 3Com Hi, Here is my tac_plus config... How do I modify the privilege level on H3C? user = vetoll { login = PAM member = lab maxsess = 10 } #LAB Group group = lab { default service = permit service = exec { priv-lvl=15 } } This is my debug from the H3C switch... my user just fails to login. *May 2 12:42:22:696 2000 H3C.Linux.Core TAC/7/Event: Create HWTACACS authentication request packet success *May 2 12:42:22:698 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: *May 2 12:42:22:699 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: UserID=50 PacketType=3 AuthenType=1 AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0 UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5 UserMsg= DataMsg= *May 2 12:42:22:741 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: *May 2 12:42:22:743 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: UserID=50 PacketType=3 AuthenType=1 AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0 UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5 UserMsg= DataMsg= *May 2 12:42:22:744 2000 H3C.Linux.Core TAC/7/Event: Successfully found the FIB information for the server (Server IP: 10.200.159.251, VPN index: 0). *May 2 12:42:22:745 2000 H3C.Linux.Core TAC/7/Event: Got nas-ip 10.0.0.3 and VPN 0 of server 10.200.159.251. *May 2 12:42:22:746 2000 H3C.Linux.Core TAC/7/Event: Successfully set socket VPN attribute (VPN index: 0). *May 2 12:42:22:748 2000 H3C.Linux.Core TAC/7/Event: hwtacacs create new session : session id: 24107, user id: 50, server ip: 10.200.159.251 *May 2 12:42:22:749 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REQUEST seq_no:1 flag:ENCRYPTED_FLAG session_id:5e2b length:42 action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII service:AUTHEN_SVC_LOGIN user len:22 port len:4 rem_addr len:8 data len:0 user name:vetoll at lab.test port:vty1 rem_addr:10.0.0.5 data: *May 2 12:42:22:750 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff *May 2 12:42:22:843 2000 H3C.Linux.Core TAC/7/Event: hwtacacs packet sending success! version:c0 type:01 sequence:01 flag:00 session id:24107 length:42 *May 2 12:42:22:844 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0) *May 2 12:42:23:145 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REPLY seq_no:2 flag:ENCRYPTED_FLAG session_id:5e2b length:16 status:AUTHEN_STATUS_GETPASS flag:REPLY_FLAG_NOECHO server_msg len:10 data len:0 server_msg:Password: data: *May 2 12:42:23:146 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x5 *May 2 12:42:23:147 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_CONTINUE seq_no:3 flag:ENCRYPTED_FLAG session_id:5e2b length:15 user_msg len:****** data len:0 flag:0 user_msg:****** data: *May 2 12:42:23:148 2000 H3C.Linux.Core TAC/7/Event: hwtacacs packet sending success! version:c0 type:01 sequence:03 flag:00 session id:24107 length:15 *May 2 12:42:23:150 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff *May 2 12:42:23:151 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0) *May 2 12:42:23:246 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REPLY seq_no:4 flag:ENCRYPTED_FLAG session_id:5e2b length:6 status:AUTHEN_STATUS_FAIL flag:REPLY_FLAG_ECHO server_msg len:0 data len:0 server_msg: data: *May 2 12:42:23:247 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for TAC->AAA: *May 2 12:42:23:249 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for TAC->AAA: ulUserID=50 ucTACTemplateNO=0 ucflag=2 Echo=0 ServerMsg= *May 2 12:42:23:250 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x2 *May 2 12:42:23:251 2000 H3C.Linux.Core TAC/7/Event: hwtacacs session is deleted due to finishing session: session id: 24107, user id: 50, server ip: 10.200.159.251 Thanks!! -------------- next part -------------- An HTML attachment was scrubbed... URL: _______________________________________________ tac_plus mailing list tac_plus at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. From antonio.ojea.garcia at retegal.es Wed Nov 7 07:47:34 2012 From: antonio.ojea.garcia at retegal.es (=?iso-8859-1?Q?Ojea_Garc=EDa=2C_Antonio?=) Date: Wed, 7 Nov 2012 07:47:34 +0000 Subject: [tac_plus] HWTACACS with H3C and 3Com In-Reply-To: References: Message-ID: <33D99C75B639FD4AA188C640AD8E01A827D451@MBX4-PRO.xunta.local> H3C equipment has only this levels: 0:Visit, 1:monitor, 2:System and 3:Manage. I think I remember that if you select priv-lvl 0,1,2 and 3 in tac_plus.conf it assigns well the levels to the users, but this levels are not compatible with other vendors, due to this I will have to use the do_auth.py script to assign permissions. ---------------------------------------------------------------------------------------------------------------------------------------------- Nota: A informaci?n contida nesta mensaxe e os seus posibles documentos adxuntos ? privada e confidencial e est? dirixida unicamente ao seu destinatario/a. Se vostede non ? o/a destinatario/a orixinal desta mensaxe, por favor elim?nea. A distribuci?n ou copia desta mensaxe non est? autorizada. Nota: La informaci?n contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y est? dirigida ?nicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elim?nelo. La distribuci?n o copia de este mensaje no est? autorizada. ---------------------------------------------------------------------------------------------------------------------------------------------- ?nase ao noso compromiso medioambiental: P?nseo 2 veces antes de imprimir este correo. ?nase a nuestro compromiso medioambiental: Pi?nselo 2 veces antes de imprimir este correo. -----Mensaje original----- De: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] En nombre de Daniel Schmidt Enviado el: martes, 06 de noviembre de 2012 23:42 Para: Vetoll; tac_plus at shrubbery.net Asunto: Re: [tac_plus] HWTACACS with H3C and 3Com priv_lvl:VISIT? Strange tac_pairs. What tac_pairs do you recieve on tac_plus? -----Original Message----- From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Vetoll Sent: Sunday, November 04, 2012 7:32 AM To: tac_plus at shrubbery.net Subject: [tac_plus] HWTACACS with H3C and 3Com Hi, Here is my tac_plus config... How do I modify the privilege level on H3C? user = vetoll { login = PAM member = lab maxsess = 10 } #LAB Group group = lab { default service = permit service = exec { priv-lvl=15 } } This is my debug from the H3C switch... my user just fails to login. *May 2 12:42:22:696 2000 H3C.Linux.Core TAC/7/Event: Create HWTACACS authentication request packet success *May 2 12:42:22:698 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: *May 2 12:42:22:699 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: UserID=50 PacketType=3 AuthenType=1 AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0 UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5 UserMsg= DataMsg= *May 2 12:42:22:741 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: *May 2 12:42:22:743 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for AAA->TAC: UserID=50 PacketType=3 AuthenType=1 AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0 UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5 UserMsg= DataMsg= *May 2 12:42:22:744 2000 H3C.Linux.Core TAC/7/Event: Successfully found the FIB information for the server (Server IP: 10.200.159.251, VPN index: 0). *May 2 12:42:22:745 2000 H3C.Linux.Core TAC/7/Event: Got nas-ip 10.0.0.3 and VPN 0 of server 10.200.159.251. *May 2 12:42:22:746 2000 H3C.Linux.Core TAC/7/Event: Successfully set socket VPN attribute (VPN index: 0). *May 2 12:42:22:748 2000 H3C.Linux.Core TAC/7/Event: hwtacacs create new session : session id: 24107, user id: 50, server ip: 10.200.159.251 *May 2 12:42:22:749 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REQUEST seq_no:1 flag:ENCRYPTED_FLAG session_id:5e2b length:42 action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII service:AUTHEN_SVC_LOGIN user len:22 port len:4 rem_addr len:8 data len:0 user name:vetoll at lab.test port:vty1 rem_addr:10.0.0.5 data: *May 2 12:42:22:750 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff *May 2 12:42:22:843 2000 H3C.Linux.Core TAC/7/Event: hwtacacs packet sending success! version:c0 type:01 sequence:01 flag:00 session id:24107 length:42 *May 2 12:42:22:844 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0) *May 2 12:42:23:145 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REPLY seq_no:2 flag:ENCRYPTED_FLAG session_id:5e2b length:16 status:AUTHEN_STATUS_GETPASS flag:REPLY_FLAG_NOECHO server_msg len:10 data len:0 server_msg:Password: data: *May 2 12:42:23:146 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x5 *May 2 12:42:23:147 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_CONTINUE seq_no:3 flag:ENCRYPTED_FLAG session_id:5e2b length:15 user_msg len:****** data len:0 flag:0 user_msg:****** data: *May 2 12:42:23:148 2000 H3C.Linux.Core TAC/7/Event: hwtacacs packet sending success! version:c0 type:01 sequence:03 flag:00 session id:24107 length:15 *May 2 12:42:23:150 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff *May 2 12:42:23:151 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0) *May 2 12:42:23:246 2000 H3C.Linux.Core TAC/7/Event: version:c0 type:AUTHEN_REPLY seq_no:4 flag:ENCRYPTED_FLAG session_id:5e2b length:6 status:AUTHEN_STATUS_FAIL flag:REPLY_FLAG_ECHO server_msg len:0 data len:0 server_msg: data: *May 2 12:42:23:247 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for TAC->AAA: *May 2 12:42:23:249 2000 H3C.Linux.Core TAC/7/Event: TAC_MESSAGE for TAC->AAA: ulUserID=50 ucTACTemplateNO=0 ucflag=2 Echo=0 ServerMsg= *May 2 12:42:23:250 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x2 *May 2 12:42:23:251 2000 H3C.Linux.Core TAC/7/Event: hwtacacs session is deleted due to finishing session: session id: 24107, user id: 50, server ip: 10.200.159.251 Thanks!! -------------- next part -------------- An HTML attachment was scrubbed... URL: _______________________________________________ tac_plus mailing list tac_plus at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. _______________________________________________ tac_plus mailing list tac_plus at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus From daniel.schmidt at wyo.gov Fri Nov 9 00:04:39 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 8 Nov 2012 17:04:39 -0700 Subject: [tac_plus] tacacs.org Message-ID: Anybody else happen to notice that tacacs.org is down? E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: