[tac_plus] logging all commands run
Munroe Sollog
mus3 at Lehigh.EDU
Mon Apr 14 12:55:21 UTC 2014
So the next tribulation in my quest for a fully auditing network environment is to have tacacs+
log _every_ command.
group = techs {
    service = exec {
        priv-lvl=2
    }
    cmd = show {
        permit .*
    }
    cmd = exit {
        permit .*
    }
    cmd = enable {
        permit .*
    }
}
When a member of this group issues the command 'show interface status' nothing is logged. My best
guess as to why nothing is logged is because a 'normal' priv-lvl 1 user has access to that command
and thus there is no reason to do the authorization step, and thus it doesn't get logged. Is
there a way to force logging for everything entered? I'm willing to entertain some creative
solutions.
Thanks.
- Munroe