Hello Jan, Hello Patrick - As Patrick says - Tacacs+ logs commands in accounting requests - therefore you need to configure appropriate recording of those accounting requests.
And as he also says, it is usually supplementary configuration on the device to make it actually send command accounting. regards Hugh > On 27 Aug 2019, at 16:57, Patrik Forsberg <[email protected]> wrote: > > Hello, > Well.. I don’t use success/fail logs for that but rather accounting – which > can be done to ether a file or database, it does put demand on the client > router/switch that it actually sends accounting details tho – but if you’re > using tacacs++ that’s likely not an issue as most devices I’ve hit so far > does that innate. > It is also, kind of, logged in the radiator logfile but I’d say it’s safer to > get it from accounting. > > --- > Regards, > Patrik Forsberg > > From: radiator <[email protected]> On Behalf Of > [email protected] > Sent: den 26 augusti 2019 11:04 > To: [email protected] > Cc: [email protected] > Subject: [RADIATOR] How to log authorizations of user commands? > > Hello Patrick and Hugh, > > > Sorry for the late reply. I was on a short vacation. > > What I miss in the examples that you gave is the capture of the Cisco IOS > commands in the authorization logging. > > > Regards, > > > Jan Gerrit > > _______________________________________________ > radiator mailing list > [email protected] > https://lists.open.com.au/mailman/listinfo/radiator -- Hugh Irvine [email protected] Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
