[tac_plus] logging all commands run
Munroe Sollog
mus3 at Lehigh.EDU
Mon Apr 14 14:38:35 UTC 2014
I am using accounting. The behavior, though, is a bit confusing to me. For example, the user
'luser' has the following stanza in the tac_plus.conf:
user = luser {
    default service = permit
    login = file /usr/local/etc/tac_passwd_file
    service = exec {
        priv-lvl = 2
    }
    cmd = show {
        permit .*
    }
}
The following is an excerpt from the accounting log as well as the actual switch session. As you
can see, the first time I try 'conf t' nothing is logged, and when I am still priv-lvl 2 and run 'show
interface status' nothing is logged. However, after I 'enable' (typoed the password the first
time) and then run a 'do show interface status', it is logged. I'm wondering why my
'show interface status' isn't logged the first time.
====tacacs accounting log====
Apr 14 10:30:46 192.168.1.126 luser tty2 192.168.1.76 start task_id=334 timezone=UTC service=shell start_time=1397485846
Apr 14 10:31:01 192.168.1.126 luser tty2 192.168.1.76 stop task_id=334 timezone=UTC service=shell start_time=1397485861 priv-lvl=0 cmd=enable <cr>
Apr 14 10:31:07 192.168.1.126 luser tty2 192.168.1.76 stop task_id=335 timezone=UTC service=shell start_time=1397485867 priv-lvl=0 cmd=enable <cr>
Apr 14 10:31:12 192.168.1.126 luser tty2 192.168.1.76 stop task_id=336 timezone=UTC service=shell start_time=1397485872 priv-lvl=15 cmd=configure terminal <cr>
Apr 14 10:31:16 192.168.1.126 luser tty2 192.168.1.76 stop task_id=337 timezone=UTC service=shell start_time=1397485876 priv-lvl=15 cmd=do sho interface status <cr>
=======switch session=====
$ ssh luser at 192.168.1.126
Password:
Switch#show interface status
Port Name Status Vlan Duplex Speed Type
Gi0/1 this is int 1 connected 1 a-full a-1000 10/100/1000BaseTX
Gi0/2 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/3 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/4 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/5 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/8 connected 1 a-full a-1000 10/100/1000BaseTX
Switch#conf t
^
% Invalid input detected at '^' marker.
Switch#enable
Password:
% Error in authentication.
Switch#enable
Password:
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#do sho interface status
Port Name Status Vlan Duplex Speed Type
Gi0/1 this is int 1 connected 1 a-full a-1000 10/100/1000BaseTX
Gi0/2 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/3 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/4 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/5 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/8 connected 1 a-full a-1000 10/100/1000BaseTX
Switch(config)#
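The log excerpt above is the kind of record a reviewer wants to check mechanically: which commands were accounted, at which privilege level, and whether a level the operator used produced no command records at all. The script below is an added example, not code from the post or from tac_plus itself. It parses the tac_plus accounting format shown in the excerpt (seven fixed fields followed by space-separated key=value attributes, with cmd= running to the end of the line and a trailing <cr>), groups the accounted commands by priv-lvl, and reports levels that appear in the session transcript but have no command records. The sample input is the post's own excerpt, re-joined to one record per line; the function names and the expected-levels argument are this example's own. On IOS, command accounting is enabled per privilege level, so a level with zero command records (here, level 2) is the first thing to verify on the switch side.

```python
import re
from collections import defaultdict

# Constructed sample: the accounting excerpt from the post, one record per line.
SAMPLE_LOG = """\
Apr 14 10:30:46 192.168.1.126 luser tty2 192.168.1.76 start task_id=334 timezone=UTC service=shell start_time=1397485846
Apr 14 10:31:01 192.168.1.126 luser tty2 192.168.1.76 stop task_id=334 timezone=UTC service=shell start_time=1397485861 priv-lvl=0 cmd=enable <cr>
Apr 14 10:31:07 192.168.1.126 luser tty2 192.168.1.76 stop task_id=335 timezone=UTC service=shell start_time=1397485867 priv-lvl=0 cmd=enable <cr>
Apr 14 10:31:12 192.168.1.126 luser tty2 192.168.1.76 stop task_id=336 timezone=UTC service=shell start_time=1397485872 priv-lvl=15 cmd=configure terminal <cr>
Apr 14 10:31:16 192.168.1.126 luser tty2 192.168.1.76 stop task_id=337 timezone=UTC service=shell start_time=1397485876 priv-lvl=15 cmd=do sho interface status <cr>
"""

# Fixed leading fields of a tac_plus accounting record: timestamp, NAS address,
# user, port, remote address, record type, then the free-form AV pairs.
RECORD_RE = re.compile(
    r'^(?P<month>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) '
    r'(?P<nas>\S+) (?P<user>\S+) (?P<port>\S+) (?P<rem_addr>\S+) '
    r'(?P<type>start|stop|update) (?P<avpairs>.*)$'
)


def parse_avpairs(text):
    """Split 'key=value key=value ...' into a dict.

    The cmd= attribute is special: its value contains spaces and runs to the
    end of the record, terminated by a literal '<cr>' token.
    """
    attrs = {}
    tokens = text.split(' ')
    for i, tok in enumerate(tokens):
        key, sep, value = tok.partition('=')
        if not sep:
            continue
        if key == 'cmd':
            cmd = ' '.join([value] + tokens[i + 1:])
            if cmd.endswith(' <cr>'):
                cmd = cmd[:-len(' <cr>')]
            attrs['cmd'] = cmd.strip()
            break
        attrs[key] = value
    return attrs


def parse_accounting(text):
    """Parse accounting records; raise on a line that does not fit the format."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if m is None:
            raise ValueError('unparseable accounting record: %r' % line)
        rec = m.groupdict()
        rec.update(parse_avpairs(rec.pop('avpairs')))
        if 'priv-lvl' in rec:
            rec['priv-lvl'] = int(rec['priv-lvl'])
        records.append(rec)
    return records


def command_records(records):
    """Stop records carrying cmd=: one per command the NAS chose to account."""
    return [r for r in records if r['type'] == 'stop' and 'cmd' in r]


def commands_by_priv_level(records):
    """Map each privilege level to the list of commands accounted at it."""
    out = defaultdict(list)
    for r in command_records(records):
        out[r['priv-lvl']].append(r['cmd'])
    return dict(out)


def unaccounted_priv_levels(records, levels_used):
    """Levels the operator worked at (from the transcript) with no command records."""
    seen = set(commands_by_priv_level(records))
    return sorted(set(levels_used) - seen)


if __name__ == '__main__':
    recs = parse_accounting(SAMPLE_LOG)
    for lvl, cmds in sorted(commands_by_priv_level(recs).items()):
        print('priv-lvl %2d: %s' % (lvl, ', '.join(cmds)))
    # The transcript shows work at level 2 (after login) and level 15 (after enable).
    print('levels with no command accounting:', unaccounted_priv_levels(recs, [2, 15]))
```

Run against the excerpt, the summary shows commands at levels 0 and 15 only, and reports level 2 as the level with no command accounting, which matches the gap described in the post. Pointing the script at a full accounting log (one record per line, as the daemon writes them) gives the same per-level summary for every session.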