Configuring TACACS+ System Accounting (SRC CLI)
You can use TACACS+ system accounting to track and log software logins, configuration changes, and interactive commands. To audit these events, include the following statements at the [edit] hierarchy level:
Specifying TACACS+ Auditing and Accounting Events (SRC CLI)
You can specify the types of events you want to audit when using a TACACS+ accounting server.
To configure the types of events you want to audit:
From configuration mode, access the configuration statement used to specify TACACS+ events.
[edit]
user@host# edit system accounting events events
events is one or more of the following:
login—Audit logins.
change-log—Audit configuration changes (copy, delete, edit, exit, help, history, insert, load, quit, rename, rollback, run, save, set, show, top, up).
interactive-commands—Audit interactive commands (any command-line input).
Events are published to the accounting server with the information described in Table 1.
Table 1: Information Published for Events
| Start Event | Stop Event | Update Event |
|---|---|---|
| username (for instance: root) | username (for instance: root) | username (for instance: root) |
| task_id: pid (for instance: 22956) | task_id: pid (for instance: 22956) | task_id: pid (for instance: 22956) |
| startTime in seconds. The time the CLI session was created, measured in seconds, between the time it was created and midnight, January 1, 1970 UTC. | startTime in seconds. The time the CLI session was created, measured in seconds, between the time it was created and midnight, January 1, 1970 UTC. | executedTime in seconds. The time the CLI command was executed, measured in seconds, between the time it was executed and midnight, January 1, 1970 UTC. |
| | stopTime in seconds. The time the CLI session was destroyed, measured in seconds, between the time it was destroyed and midnight, January 1, 1970 UTC. | cmd (for instance: “show”) |
| | | cmd_arg (for instance: “sae subscribers brief”) |
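An added example, not part of the SRC documentation: one way to correlate the start, update, and stop events from Table 1 into per-session audit trails on the collecting side. It assumes the accounting server exports each record as a dictionary with an "event" key, and that update events carry the same task_id as the session's start event; the sample records are constructed.

```python
from datetime import datetime, timezone

# Constructed sample records; field names follow Table 1, the dict layout
# and the "event" key are assumptions about how the server exports them.
SAMPLE = [
    {"event": "start", "username": "root", "task_id": 22956, "startTime": 1700000000},
    {"event": "update", "username": "root", "task_id": 22956,
     "executedTime": 1700000030, "cmd": "show", "cmd_arg": "sae subscribers brief"},
    {"event": "stop", "username": "root", "task_id": 22956,
     "startTime": 1700000000, "stopTime": 1700000090},
    {"event": "update", "username": "admin", "task_id": 23001,
     "executedTime": 1700000100, "cmd": "edit", "cmd_arg": "system accounting"},
    {"event": "start", "username": "admin", "task_id": 23050, "startTime": 1700000200},
]

def utc(seconds):
    """Convert seconds since 1970-01-01 UTC to an ISO 8601 string."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc).isoformat()

def correlate(records):
    """Return (closed, still_open, orphans), keyed by (username, task_id).
    A pid can be reused, so a key is only valid between start and stop."""
    open_sessions, closed, orphans = {}, [], []
    for rec in records:
        key = (rec["username"], rec["task_id"])
        if rec["event"] == "start":
            open_sessions[key] = {"user": rec["username"], "task_id": rec["task_id"],
                                  "start": utc(rec["startTime"]), "commands": []}
        elif rec["event"] == "update":
            line = (utc(rec["executedTime"]), rec["cmd"], rec.get("cmd_arg", ""))
            if key in open_sessions:
                open_sessions[key]["commands"].append(line)
            else:
                orphans.append(rec)   # command with no audited login
        elif rec["event"] == "stop":
            sess = open_sessions.pop(key, None)
            if sess is None:
                orphans.append(rec)   # stop without a matching start
                continue
            sess["stop"] = utc(rec["stopTime"])
            sess["duration_s"] = rec["stopTime"] - rec["startTime"]
            closed.append(sess)
    return closed, list(open_sessions.values()), orphans

if __name__ == "__main__":
    for name, group in zip(("closed", "open", "orphans"), correlate(SAMPLE)):
        print(name, group)
```

Orphaned update records are worth reviewing: they indicate that interactive-commands was audited for a session whose login event was not captured.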
Configuring TACACS+ Server Accounting (SRC CLI)
To configure TACACS+ server accounting:
From configuration mode, access the configuration statement used to specify the TACACS+ server address.
[edit]
user@host# edit system accounting destination tacplus server server-address
For server-address, specify the address or hostname of the TACACS+ server. To configure multiple TACACS+ servers, include multiple server statements.
Note: If no TACACS+ servers are configured at the [edit system accounting destination tacplus] statement hierarchy level, the SRC software uses the TACACS+ servers configured at the [edit system tacplus-server] hierarchy level.
Specify the source address used when communicating with the TACACS+ server.
[edit system accounting destination tacplus server server-address]
user@host# set source-address source-address
Specify the secret (password) the TACACS+ client uses to connect to the TACACS+ server. This password must match the password used by the server.
[edit system accounting destination tacplus server server-address]
user@host# set secret secret
(Optional) Specify the length of time (in seconds) that the SRC software waits to receive a response from the TACACS+ server.
[edit system accounting destination tacplus server server-address]
user@host# set timeout timeout
By default, the SRC software waits 3 seconds. You can configure this to be a value in the range 1 through 90 seconds.
Specify the TACACS+ server port number.
[edit system accounting destination tacplus server server-address]
user@host# set port port-number