accounting

Description                                                    Configure TACACS+ as the accounting method for recording information about user activi­ties. The ACOS device supports the following types of accounting:

     EXEC accounting – provides information about EXEC terminal sessions (user shells) on the ACOS device.

     Command accounting – provides information about the EXEC shell commands exe­cuted under a specified privilege level. This command also allows you to specify the debug level.

Syntax                                                                  [no] accounting exec {start-stop | stop-only} {radius | tacplus}

[no] accounting commands cmd-level stop-only tacplus

[no] accounting debug debug-level

Parameter

Description

start-stop

Sends an Accounting START packet to TACACS+ servers when a user establishes a CLI session, and an Accounting STOP packet when the user logs out or the session times out.

stop-only

Only sends an Accounting STOP packet when the user logs out or the session times out.

radius | tacplus

Specifies the type of accounting server to use.

cmd-level

Specifies which level of commands will be accounted:

  15 (admin) - commands available to the admin (all commands).

  14 (config) - commands available in config mode (not including the commands of the admin and those under the admin mode).

  1 (priv EXEC) - commands available in privileged EXEC mode.

  0 (user EXEC) - commands available in user EXEC mode.

Command levels 2-13 as the same as command level 1.

debug-level

Specifies the debug level for accounting. The debug level is set as flag bits for different types of debug messages. The ACOS device has the following types of debug messages:

  0x1 - Common information such as “trying to connect with TACACS+ servers”, “getting response from TACACS+ servers”; they are recorded in syslog.

  0x2 - Packet fields sent out and received by ACOS, not including the length fields; they are printed out on the terminal.

  0x4 - Length fields of the TACACS+ packets will also be printed on the terminal.

  0x8 - Information about the TACACS+ MD5 encryption is recorded in syslog.

Default                                                                N/A

Mode                                                                   Configuration mode

Usage                                                                  The accounting server also must be configured. See radius-server or tacacs-server host.

Example                                                            The following command configures the ACOS device to send an Accounting START packet to the previously defined TACACS+ servers when a user establishes a CLI session on the device. The ACOS device also will send an Accounting STOP packet when a user logs out or their session times out.

ACOS(config)#accounting exec start-stop tacplus

 

Example                                                            The following command configures the ACOS device to send an Accounting STOP packet when a user logs out or a session times out.

ACOS(config)#accounting exec stop-only tacplus

 

Example                                                            The following command configures the ACOS device to send an Accounting STOP packet to TACACS+ servers before a CLI command of level 14 is executed.

ACOS(config)#accounting commands 14 stop-only tacplus

 

Example                                                            The following command specifies debug level 15 for accounting.

ACOS(config)#accounting debug l5

Table of Contents

Index

Glossary

-Search-

Back