[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Accounting
The TACACS+ accounting service enables you to create
an audit trail of User Exec sessions and command-line interface (CLI)
commands that have been executed within these sessions. For example,
you can track user CLI connects and disconnects, when configuration
modes have been entered and exited, and which configuration and operational
commands have been executed.
You configure TACACS+ accounting in the JUNOSe
software by defining accounting method lists and then associating
consoles and lines with the method lists. You define an accounting
method list with a service type, name, accounting mode, and method:
- service type—Specifies the type of information being
recorded
- name—Uniquely identifies an accounting method list
within a service type
- accounting mode—Specifies what type of accounting
records will be generated
- method—Specifies the protocol for sending the accounting
records to a security server
You can then configure consoles and lines with
an accounting method list name for each service type:
- Method list—A specified configuration that defines
how the NAS performs the AAA accounting service. A service type can
be configured with multiple method lists with different names, and
a method list name can be used for different service types. Initially,
no accounting method list is defined; therefore TACACS+ accounting
is disabled.
- Default method list—Configuration used by consoles
and lines when no named method list is assigned. You enable TACACS+
accounting by defining default accounting method lists for each service
type.
- Named method list—Assigned to a console, specific
line, or group of lines; overrides the default method list.
- Service type—Specifies the type of information provided
by the TACACS+ accounting service:
- Exec—Provides information about User Exec terminal
sessions, such as telnet, Local Area Transport (LAT), and rlogin,
on the NAS.
- Commands <0-15>—Provides information about User
Exec mode CLI commands for a specified privilege level that are being
executed on the NAS. Each of the sixteen command privilege levels
is a separate service type. Accounting records are generated for commands
executed by users, CLI scripts, and macros.
- Accounting mode—Specifies the type of accounting
records that are recorded on the TACACS+ server. Accounting records
track user actions and resource usage. You can analyze and use the
records for network management, billing, and auditing purposes.
- start-stop—A start accounting record is generated
just before a process begins, and a stop accounting record is generated
after a process successfully completes. This mode is supported only
for the Exec service type.
- stop-only—A stop accounting record is generated
after a process successfully completes. This mode is supported only
for the Commands service types.
The NAS sends TACACS+ accounting packets to the
TACACS+ host. The accounting packets contain data in the packet header,
packet body, and attribute-value pairs (AVPs). Table 62 provides descriptions of the TACACS+ accounting data.
Table 62: TACACS+
Accounting Information
|
Field/Attribute
|
Location
|
Description
|
|
major_version
|
Packet header
|
Major TACACS+ version number
|
|
minor_version
|
Packet header
|
Minor TACACS+ version number
|
|
type
|
Packet header
|
Type of the AAA service: Accounting
|
|
flags
|
Packet body
|
Bitmapped flags representing the record type: start accounting
record or stop accounting record
|
|
priv-level
|
Packet body
|
Privilege level of the user executing the Exec session or CLI
command: 0 - 15
|
|
user
|
Packet body
|
Name of user running the Exec session or CLI command
|
|
port
|
Packet body
|
NAS port used by the Exec session or CLI command
|
|
rem-addr
|
Packet body
|
User’s remote location; either an IP address or the caller
ID
|
|
service
|
AVP
|
User’s primary service: Shell
|
|
cmd
|
AVP
|
CLI command that is to be executed: specified for Command-level
accounting only
|
|
task_id
|
AVP
|
Unique sequential identifier used to match start and stop records
for a task
|
|
elapsed_time
|
AVP
|
Elapsed time in seconds for the task execution: specified for
Exec-level accounting stop records only
|
|
timezone
|
AVP
|
Time zone abbreviation used for all timestamps
|
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
