[RADIATOR] How to log authorizations of user commands?
Hugh Irvine
hugh at open.com.au
Tue Aug 27 08:03:14 UTC 2019
Hello Jan, Hello Patrick -
As Patrick says - Tacacs+ logs commands in accounting requests - therefore you need to configure appropriate recording of those accounting requests.
And as he also says, it is usually supplementary configuration on the device to make it actually send command accounting.
regards
Hugh
> On 27 Aug 2019, at 16:57, Patrik Forsberg <patrik.forsberg at ip-only.se> wrote:
>
> Hello,
> Well.. I don’t use success/fail logs for that but rather accounting – which can be done to ether a file or database, it does put demand on the client router/switch that it actually sends accounting details tho – but if you’re using tacacs++ that’s likely not an issue as most devices I’ve hit so far does that innate.
> It is also, kind of, logged in the radiator logfile but I’d say it’s safer to get it from accounting.
>
> ---
> Regards,
> Patrik Forsberg
>
> From: radiator <radiator-bounces at lists.open.com.au> On Behalf Of BeheerInfra-OT at kpn.com
> Sent: den 26 augusti 2019 11:04
> To: radiator at lists.open.com.au
> Cc: BeheerInfra-OT at kpn.com
> Subject: [RADIATOR] How to log authorizations of user commands?
>
> Hello Patrick and Hugh,
>
>
> Sorry for the late reply. I was on a short vacation.
>
> What I miss in the examples that you gave is the capture of the Cisco IOS commands in the authorization logging.
>
>
> Regards,
>
>
> Jan Gerrit
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list