Hello,
This is all possible.
Check the goodies directory for
tacacsplusserver.cfg
tacplus.txt

they give good hints on how to set this up.

As for success/fail you can use for example
        <AuthLog FILE>
                Identifier      AuthLogger
                Filename        %L/fail-authlog
                LogSuccess      0
                LogFailure      1
                FailureFormat   %l REJECT user=%u from=%c nas=%N 
client=%{Request:Calling-Station-Id}
        </AuthLog>
        <AuthLog FILE>
                Identifier      IdentSuccessAuthLogger
                LogSuccess      1
                LogFailure      0
                Filename        %L/success-authlog
                SuccessFormat   %l ACCEPT user=%u from=%c nas=%N 
client=%{Request:Calling-Station-Id}
        </AuthLog>

Which would create one success logfile and one failure logfile and also pick 
out the interesting bits ..


---
Regards,
Patrik Forsberg

From: radiator <radiator-boun...@lists.open.com.au> On Behalf Of 
beheerinfra...@kpn.com
Sent: den 15 augusti 2019 14:29
To: radiator@lists.open.com.au
Subject: [RADIATOR] Radiator TACACS+: How to log authorizations of user 
commands?

Hello fellow Raditor AAA users,


We like to setup logging of Tacacs+ command authorization. We were only able to 
find Authentication an Account logging examples.
Authentication successes and failures in a single line log entry would be a 
great feature, instead of having to re-reading a complete user session in 
/var/log/radiator/radiator.log to find out which commands where used.

Regards,


Jan Gerrit Kootstra
On behalve of KPN ACN Present BeheerInfra Services.


_______________________________________________
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator

Reply via email to