(RADIATOR) accounting of commands

Hugh Irvine hugh at open.com.au
Fri May 9 21:02:52 CDT 2003


Hello Jesus -

As far as I am aware, Cisco's can only log command strings to a Tacacs+ 
server. This is because Tacacs+ uses TCP for its transport layer and 
radius uses UDP for its transport layer.

The configuration that you describe below is designed to limit a user 
that logs in to a Cisco router to only execute certain commands on the 
router (it does not log those commands).

regards

Hugh


On Friday, May 9, 2003, at 20:49 Australia/Melbourne, Díaz Pérez, Jesús 
wrote:

> Hi all,
>
> i am trying to save a log with the command that a user execute in a 
> Cisco router. reading Cisco docs, we can see:
>
> <<
>
> aaa accounting
> (...)
> commands
>  Runs accounting for all commands at the specified privilege level
>
> >>
>
> but i don't get Radiator to store the commands users do in the router 
> (actually i don't know if routers are sending the info).
>
> has anyone done something like this?
>
> thanks in advance.
>
> ONO
> Jesús M Díaz
> Ingeniería y Soporte IP
>            | Basauri, 5
>            | 28023 Madrid
>            | Tel: 91 1809109
>            | Fax: 91 1809245
>
>
>
> Mail Disclaimer
>
> La Informacion incluida en el presente correo electronico es SECRETO 
> PROFESIONAL Y CONFIDENCIAL, siendo para el uso exclusivo del 
> destinatario arriba mencionado. Si usted lee este mensaje y no es el 
> destinatario señalado, el empleado o el agente responsable de entregar 
> el mensaje al destinatario, o ha recibido esta comunicacion por error, 
> le informamos que esta totalmente prohibida cualquier divulgacion, 
> distribucion o reproduccion de esta comunicacion, y le rogamos que nos 
> lo notifique inmediatamente y nos devuelva el mensaje original a la 
> direccion arriba mencionada.
>
> Gracias.
>
> The information contained in this e-mail is LEGALLY PRIVILEDGED AND 
> CONFIDENTIAL and is intended only for the use of the addressee named 
> above. If the reader of this message is not the intended recipient or 
> the employee or agent responsible for delivering the message to the 
> intended recipient, or you have received this communication in error, 
> please be aware that any dissemination, distribution or duplication of 
> this communication is strictly prohibited, and please notify us 
> immediately and return the original message to us at the address > above.
>
> Thank you.
>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 3745 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030510/d7c7ac26/attachment.bin>


More information about the radiator mailing list