[tac_plus] accounting logging question
Eric Freeman
eric.freeman at tbwachiat.com
Thu Oct 22 15:52:55 UTC 2015
Please let me know if you need more information. When I try to log
accounting packets so I can capture what commands were run on the HP switch
I receive an error in my tacacs log. Below is information which hopefully
you will find useful.
Please let me know if you have any ideas why it isn't logging the commands
in my tacacs log.
I have attached my tacacs config and the relevant config on my HP switch. I
have also attached some of the log from the tacacs application
Hi, I am running tacacs F4.0.4.28 on Red Hat 7.1 I have tacacs running on
an HP 7510
cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
Thu Oct 22 11:11:08 2015 [13661]: Reading config
Thu Oct 22 11:11:08 2015 [13661]: Version F4.0.4.28 Initialized 1
Thu Oct 22 11:11:08 2015 [13661]: tac_plus server F4.0.4.28 starting
Thu Oct 22 11:11:08 2015 [13662]: Backgrounded
Thu Oct 22 11:11:08 2015 [13663]: socket FD 0 AF 2
Thu Oct 22 11:11:08 2015 [13663]: uid=0 euid=0 gid=0 egid=0 s=36031184
From /var/log/tac_plus.log
Thu Oct 22 11:21:10 2015 [13726]: Error 10.89.64.17: acct minimum payload:
198, got: 188
I am using tacacs to authenticate to an HP Switch
<7thFloorHP-Bertha>dis version
HP Comware Platform Software
Comware Software, Version 5.20.105, Release 6708P10
Copyright (c) 2010-2015 Hewlett-Packard Development Company, L.P.
Thank you,
Eric
*Eric Freeman*
Technical Director/NA for TBWA\Chiat\Day
TBWA\Chiat\Day New York
488 Madison Ave.
New York NY 10022
United States of America
Tel: +12128041324
Twitter: @tbwachiatny <http://www.twitter.com/tbwachiatny>
http://www.tbwachiatdayny.com/
--
This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to disclaimer at email-abuse.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20151022/79ff06d3/attachment.html>
-------------- next part --------------
key=""
accounting file = /var/log/tac_pluscct.log
acl = XXXX {
permit = $
deny = .*
}
group = XXXX {
default service = permit
acl = XXXX
login =
}
user = XXXX {
member = XXXX
login =
}
user = XXXX {
login =
service = shell {
}
}
user = XXXX {
login =
service = shell {
}
}
user = rancid {
login =
service = shell {
}
}
##### ENABLE PASSWORD!
user = {
login =
}
user = {
login =
}
hwtacacs scheme tacacs
primary authentication 10.89.68.20
secondary authentication 10.89.4.7
primary accounting 10.89.68.20
key authentication cipher
user-name-format without-domain
domain tacacs
authentication default hwtacacs-scheme tacacs local
authorization default none
accounting default hwtacacs-scheme tacacs local
access-limit disable
state active
idle-cut disable
self-service-url disable
accounting optional
Thu Oct 22 11:11:08 2015 [13661]: Reading config
Thu Oct 22 11:11:08 2015 [13661]: Version F4.0.4.28 Initialized 1
Thu Oct 22 11:11:08 2015 [13661]: tac_plus server F4.0.4.28 starting
Thu Oct 22 11:11:08 2015 [13662]: Backgrounded
Thu Oct 22 11:11:08 2015 [13663]: socket FD 0 AF 2
Thu Oct 22 11:11:08 2015 [13663]: uid=0 euid=0 gid=0 egid=0 s=36031184hu Oct 22 11:15:54 2015 [13709]: connect from 10.89.64.17 [10.89.64.17]
Thu Oct 22 11:15:54 2015 [13709]: login query for 'efreeman' port vty1 from 10.89.64.17 ac
cepted
Thu Oct 22 11:15:54 2015 [13710]: connect from 10.89.64.17 [10.89.64.17]
Thu Oct 22 11:15:54 2015 [13710]: Error 10.89.64.17: acct minimum payload: 71, got: 68
Thu Oct 22 11:16:00 2015 [13711]: connect from 10.89.64.17 [10.89.64.17]
Thu Oct 22 11:16:00 2015 [13711]: enable query for 'efreeman' unknown from 10.89.64.17 acc
epted
More information about the tac_plus
mailing list