Regarding Tacacs+ Accounting

Dear All,
This is regarding Tacacs+ accounting. We have Cisco ACS server 4.2 for AAA. I want to configure accounting in such a way that I get reports containing the commands used by a user after successfully logging in to the router. Currently I am getting reports containing IN and OUT time, who the user was, etc. So what should I change if I want all the commands used by the user on the router after logging in?
Thanks,
Abhisar.

Hi,
You will have to configure command authorization for that and then the command accounting.
The following link throws some light on it.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1059882
Hope this helps.
Regards,
Anisha
P.S.: please mark this post as answered if you feel your query is answered. Do rate helpful posts.

Similar Messages

  • Tacacs+ accounting log question

    I have a tacacs server running for accounting purpose only (so I use local authentication). So I can collect all accounting logs only.
    This is a snapshot for accounting part.
    Tacacs accounting logs
    <102> 2014-02-23 10:20:22 [10.254.1.2:22823] 02/23/2014 10:20:22 NAS_IP=10.254.1.x Port=443 rem_addr=10.254.50.129 User= brian Flags=Stop task_id=57 cmd=perfmon interval 10 service=shell elapsed_time=0
    <102> 2014-02-23 10:23:51 [10.254.1.2:58167] 02/23/2014 10:23:51 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.50.129 User=brian Flags=Stop task_id=58 cmd=configure term service=shell elapsed_time=0
    <102> 2014-02-24 07:06:31 [10.254.1.2:19784] 02/24/2014 07:06:31 NAS_IP=10.254.1.x Port=443 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=59 cmd=perfmon interval 10 service=shell elapsed_time=0
    <102> 2014-02-24 07:07:53 [10.254.1.2:19254] 02/24/2014 07:07:53 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=5a cmd=configure term service=shell elapsed_time=0
    As you can see, I can't see any command lines, such as show int ip b. I can see all routers and switches logs, but the ASA logs show only the above. No matter what commands I used, it only shows the above logs. Am I missing something? I would like to capture all command lines when users use ASDM because we always use ASDM.
    I used Free tacacs+ server, not ACS.
    Thanks for your time.

    Hi Patrick,
    In the ACS View Reports (Monitoring & Reports > Reports > Catalog > AAA Protocol) you can select the
    radio button and by selecting 'Run' on the bottom run a specific query. Without that by default you will see only a report from one day.
    For the 2nd question, yes the ACS View is designed to store that information, however if needed you can send the logs to an external syslog server or perform regular backups of the ACS View database.
    Kind regards,
    Pawel
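An added example, not part of the original posts and not code from any TACACS+ server: it turns accounting records in the format quoted in the question above into the per-user command report the first post asks for. It assumes the field order of those quoted records; the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Fixed field order of the records quoted in the question above. Anchoring the
# service=/elapsed_time= tail to end-of-line keeps a free-text cmd value that
# itself contains "service=" from shifting the field boundaries.
RECORD = re.compile(
    r"^<\d+>\s+(?P<logged>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"\[(?P<peer>[^\]]+)\]\s+\S+\s+\S+\s+"
    r"NAS_IP=(?P<nas>\S+)\s+Port=(?P<port>\S+)\s+rem_addr=(?P<rem_addr>\S+)\s+"
    r"User=\s*(?P<user>\S+)\s+Flags=(?P<flags>\S+)\s+task_id=(?P<task_id>\S+)\s+"
    r"cmd=(?P<cmd>.*)\s+service=(?P<service>\S+)\s+elapsed_time=(?P<elapsed>\d+)\s*$"
)

def parse_record(line):
    """Return the record's fields as a dict, or None if the line does not fit."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].strip()
    return rec

def command_report(lines):
    """Group shell commands by user; return (report, rejected_lines)."""
    report, rejected = defaultdict(list), []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            rejected.append(line)  # keep unparsed lines visible, not silently dropped
            continue
        # One entry per command: Stop records of the shell service only.
        if rec["flags"] == "Stop" and rec["service"] == "shell" and rec["cmd"]:
            report[rec["user"]].append(
                (rec["logged"], rec["nas"], rec["rem_addr"], rec["cmd"]))
    return dict(report), rejected

# First four lines are the records from the post; the last two are constructed.
SAMPLE = """\
<102> 2014-02-23 10:20:22 [10.254.1.2:22823] 02/23/2014 10:20:22 NAS_IP=10.254.1.x Port=443 rem_addr=10.254.50.129 User= brian Flags=Stop task_id=57 cmd=perfmon interval 10 service=shell elapsed_time=0
<102> 2014-02-23 10:23:51 [10.254.1.2:58167] 02/23/2014 10:23:51 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.50.129 User=brian Flags=Stop task_id=58 cmd=configure term service=shell elapsed_time=0
<102> 2014-02-24 07:06:31 [10.254.1.2:19784] 02/24/2014 07:06:31 NAS_IP=10.254.1.x Port=443 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=59 cmd=perfmon interval 10 service=shell elapsed_time=0
<102> 2014-02-24 07:07:53 [10.254.1.2:19254] 02/24/2014 07:07:53 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=5a cmd=configure term service=shell elapsed_time=0
<102> 2014-02-24 07:09:02 [10.254.1.2:19300] 02/24/2014 07:09:02 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=5b cmd=banner motd service=none service=shell elapsed_time=0
<102> 2014-02-24 07:10:15 [10.254.1.2:19311] 02/24/2014 07:10:15 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=5c cmd=write mem
""".splitlines()

if __name__ == "__main__":
    report, rejected = command_report(SAMPLE)
    for user, rows in sorted(report.items()):
        print(user)
        for logged, nas, rem_addr, cmd in rows:
            print(f"  {logged}  {nas}  from {rem_addr}  {cmd}")
    print(f"{len(rejected)} line(s) could not be parsed")
```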

  • TACACS+ Accounting "Network Access Profile" name is missing

    Hello,
    I have a problem trying to export logs to the Cisco ACS View from my ACS 4.2
    In the document http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_view/4.0/user/guide/appendixA.html Cisco states that one of the mandatory attributes for export to work is "Network Access Profile Name" under TACACS+ Accounting (under ACS 4.2 System configuration -> Logging settings). Well, I don't have this mandatory attribute listed in ACS under TACACS+ accounting log configuration. I tried to ignore this attribute, but then ACS View complains about null value for the attribute mentioned above.
    Is this some bug in ACS View or ACS, or maybe I'm simply missing something? ;)
    Best Regards,
    Igor

    Cisco created a new bug for it:
    CSCtq85420
    Best Regards,
    Igor

  • TACACS+ Accounting Question

    Dear all,
    I would like to know about the TACACS+ accounting option in Cisco.
    We deployed an AAA machine, which is Avenda, in our operation network and are able to capture accounting commands ONLY for valid commands. Can TACACS+ also capture invalid commands and send them to Avenda (our AAA machine)?
    Please help to clarify.

    Hi,
    This is something device specific. In case of IOS it forwards only valid commands to tacacs server. Example- If we issue command "show user" it will log it and if we issue command "show dog" it will not be logged.
    Hope that helps!
    Regards,
    ~JG
    Do rate helpful posts

  • Read a file having name (TACACS+ Accounting active.csv)  in java

    how to read a file having name (TACACS+ Accounting active.csv) in java through buffer reader

    Did you take even a millisecond to try anything?
    Here's my hint.
    "The same way you read anything else with a BufferedReader."

  • NCS TACACS accounting via ACS

    If I choose to authenticate NCS users through Cisco ACS (5.4 in this instance) via TACACS, do I still have the ability to do accounting to track what changes they have made? I'm not getting anything in the TACACS accounting reports and I don't see anywhere to configure TACACS for accounting within the NCS GUI like I can on a WLC. I know that NCS has an internal audit trail, but if a user's account is both a local account on NCS as well as an account being authenticated through ACS, does the audit trail on NCS for that local user still contain the information about changes the user made? I ask because it looks like it does but I want to make sure I'm not going mad. Here is my example:
    Local account username:  NCS_Admin2
    AD account via TACACS username:  NCS_Admin2
    Audit trail for the NCS_Admin2 account on NCS looks like changes are being logged to NCS even though the user is logging in with their AD credentials via TACACS.
    I know that is probably as clear as mud.
    Thanks.
    Todd

    User is authenticated with TACACS
    NCS_Admin2
    NCS.customerdomain.local
    2013-Mar-05, 10:18:30 EST
    2013-Mar-05, 11:22:36 EST
    TACACS+
    Admin 

  • Config the TACACS+ Accounting attributes

    Hi,
    With ACS 4.1 as the AAA server using TACACS+, the customer wants to record the commands they used when they logged in to the AAA client. How do I configure the TACACS+ Accounting attributes?

    These commands will perform accounting records whenever a level 0,1,15 command is used
    This is logged to the
    "Reports and Activities" -> "TACACS+ Administration"
    aaa accounting commands 0 default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+

  • Need to speak to someone at the iTune Store regarding my account.  I am having problem and would like to speak to someone

    Having a problem connecting with someone at iTune Store. Austen sent me an e-mail this morning regarding my issue and he said there is a payment problem; the order number is MG*****11S. I need to know what the balance of payment in this account is, so that I can solve this issue. I am not able to download a free app to my iPod touch.
    <Edited By Host>

    There is no telephone support for itunes.
    Click Support at the top of this page, then click the link under Contact Us.

  • Regarding Customer Account group

    Hi Guys,
    I've got confused at one step in Customer master.
    When I open my customer master, it shows me the description of the account group but no code is visible.
    So tell me what settings need to be maintained in the screen here to make the customer account group code & description visible.
    thanks
    Please search the forums before posting - see [rules of engagement|https://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement]
    Edited by: Ian Kehoe on Mar 2, 2012 2:20 PM

    Hi Tarun,
    this thread is a routine thread, first in forum,
    first you will go to SAP Easy Access; here, below the menu bar, there is one icon, customizing local layout, the last icon in the line of the save icon; otherwise press (Alt+F12). Click on this icon and the system shows some tabs; select the expert tab and activate all there, then check: number, codes come automatically.
    If it is not available, check this:
    click on the customizing local layout icon, and click on options; here integration design - visualization & interaction tab - activate controls - batch input list,
    and also check the accessibility & scripting settings.
    Please try this.
    regards
    sankar

  • Regarding customer account not updated properly

    Hi gurus
    My customer account is not updated, please solve my issue.
    One material is sold to the customer for Rs 9/- instead of Rs 10/-; the difference amount is posted on the SD side, and all taxes are updated in background processing. How will we update it in the customer account?
    Please suggest.
    Edited by: Ravi Kanth on Jan 6, 2009 6:02 PM

    Hi there,
    According to == the FAQ ==
    "The recurring payment is taken three days in advance of your subscription expiring, to ensure prompt delivery of your subscription."
    Hth
    You don't look at the future in a rear-view mirror!
    IMac Intel Core i3 3.2 GHz - RAM 12 GB - OS 10.10.3
    Skype 7.8.391
    Logitech usb headset or Jabra 250 bt

  • Regarding alternative account

    Dear All,
    My client wants to clear alternative account of a G/L account (Recon account for Asset). For which G/L account's balance must be zero. Can any one please suggest me how to clear balance of recon G/L account.
    Thanks in Advance!
    Regards,
    Nidhi

    Hi Sanjeev,
    I tried tcode ABF1, but system gives below error
    Account 2110000 in company code EIB cannot be directly posted to
    Message no. F5354
    Diagnosis
    Account "2110000" in company code "EIB" is marked as a reconciliation account for account type "A" and cannot therefore be directly posted to.
    System Response
    Error
    Procedure
    Select a different account.
    As respective GL account is recon account, system doesn't allow any direct posting to it.
    Regards,
    Nidhi

  • Clarification Regarding Asset Accounting Chart of Depreciation Copy

    Hi,
    We have a company code called ACT
    For that we have a chart of depreciation assigned is ACT
    Number Ranges are 1000000-1999999 (For Example)
    Now we configured one more company code called RNC by Copying ACT company code and other settings from ACT company code only.
    Clarification required - In Asset Accounting for company code RNC we are planning to assign chart of depreciation ACT as it is.
    If we do like that - System will take the number ranges from the above ACT number ranges 1000000-1999999 ? or else system will take 1000000-1999999  number ranges from RNC company code? This is my doubt?
    I think system will share the 1000000-1999999  number ranges in Asset accounting for both company codes ACT & RNC as we are using Same ACT chart of depreciation for Both company codes.
    If we assign Same chart of Depreciation to both ACT and RNC company codes - Is it necessary to do any other configuration or no need to do any?
    Kindly clarify my doubt
    Thanks
    Supriya

    Hello,
    Make sure that the both the company codes are in a single country before assigning the same chart of depreciation.
    The number range of assets are defined at company code level. Meaning that you can have the same asset number in different company codes. The system will not share the number ranges across company codes.
    Regards,
    Ravi

  • Regarding GL ACCOUNTS -- Jyothsna

    Dear Friends,
    When I am opening GL accounts I am getting an error message saying that -- "No PTCOAL statement account type is defined in Chart of Accounts". It is not accepting the retained earnings account as it is telling that your account number doesn't exist. Even though I have given the account numbers for Assets, Liabilities, Income and Expenditure in account groups.
    Please try to give your valuable suggestion as I am a new user.
    Regards
    Jyothsna

    Hi..this is the error due to non defining the retained earnings in OB53 T.code..the message which you get saying that the GL account does not exist is only a WARNING MESSAGE...ignore the error and press enter when u get the message.
    The data gets saved and you can create GL accounts without any error.
    Hope I am clear and your query gets resolved.
    Please assign points if helpful
    Thanks & Regards
    Aravind

  • FI-GL: Question regarding "alternative account no." - Why in BSEG?

    Hi all,
    I have another question. I think this is really a little bit tricky this time (I spent a lot of time investigating this question but couldn't find an answer).
    It's regarding the field "alternative account no." in FS00 (table SKB1-ALTKT) and it's about the design of the SAP system regarding this feature (alternative chart of account).
    We've one company code (Belgium) in the system which uses alternative account numbers for a country specific local chart of accounts. The country specific chart of accounts BE01 is assigned to this company code in OBY6 besides the operative chart of accounts. The company code is in production for some years so there are many postings up to now. So far so good. Now, they have found an error in the assignment from alternative account to operative account. As a result, they want us to evaluate the option to change the alternative account number for this account in the transaction FS00.
    For sure, it's not possible to change the alternative account no. in FS00 as long as there is a balance on this account. But if you post this balance to a temporary / technical account, it's possible to change the alternative account no. If you do this, SAP will give you the message FH 165 which is a warning and not a error message (so you can save the changes). After that, it's possible to create an inverse posting in order to get the balance back to this account.
    Now to the strange part (for me): Why does SAP record this alternative account no. for each document line item in the BSEG table in the field BSEG-LOKKT? This is also what the message FH 165 is about. For me, this does not really make sense, but I'm sure that I miss a detail somewhere.
    I mean, you know for example that the alternative account A belongs to the operative account B (via FS00 / SKB1-ALTKT). Therefore, why do you need to write this account to every single line item in BSEG? Why doesn't SAP just substitute the operative account no. with the alternative account no. in all relevant reports (RFBILA00, balance display S_ALR_87012277...).
    The background of my question is now: If I zero out the balance and change the alternative account number in FS00, then all postings up to now won't be changed automatically. So for all postings up to now, the old alternative account no. remains in the BSEG table. For all new postings, the new alternative account no will be in the BSEG table. So from my understanding, there will be an inconsistency in the database if I change the alternative account no.
    In order to evaluate whether I can change the alternative account no. without risking inconsistencies, I would now need to know how this field (BSEG-LOKKT) is used in the SAP system. Is it used in any special reports or for what purpose is it in the BSEG table? What about the balance table GLT0? Is there also a special balance table for the alternative account no. in the system or how are the balances (e.g. for RFBILA00) calculated for the alternative chart of accounts?
    I would be very glad for any help as I am really at the end with my SAP knowledge on this point.
    Thank you in advance and sorry for the long (and maybe confusing?) posting.
    Regards,
    Peter

    hi Peter,
    I believe the system is perfectly designed in this case
    Let's say you have G/L account A in Operative CoA, which is linked to account 1 in Alternative CoA. Then the local law changes and you have to link account A to account 2 from 01.01.2008. The system works perfectly: all the items which were posted earlier are still shown on Alternative account 1 (according to local law for last year), while the new items will be shown on account 2 (according to local law for the new year).
    BSEG-LOKKT is only used for reporting, does not control anything. On the other hand there won't be any inconsistency in your system, if you change the alternative account number acc. to business needs.
    hope this helps
    ec

  • Mds and tacacs accounting

    Hi, I'm trying to get an MDS 9509 to work with Cisco ACS. I've got it okay for login authentication, however I can't seem to get it to report accounting info, i.e. any changes. I came across a document that stated that the MDS uses interim-update Radius accounting request packets to communicate log info to the radius server.
    I'm using TACACS+ for authentication, but created a radius server and group on the MDS pointing towards radius on the ACS for accounting, but no joy.
    Has anyone been successful in getting this to work, and if so could you tell me how.
    thanks in advance
    Grant

    Try this URL:
    http://www.cisco.com/en/US/products/ps5989/products_configuration_example_chapter09186a0080530cd1.html
