December 2006
Intermediate to advanced
1188 pages
72h 8m
English
Content preview from Cisco IOS Cookbook, 2nd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Logging System Events
Problem
You want to log various system events.
Solution
AAA Accounting includes the ability to log a variety of system events, including timestamps, along with associated usernames:
Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router1(config)#aaa new-modelRouter1(config)#aaa accounting exec default start-stop group tacacs+Router1(config)#aaa accounting connection default start-stop group tacacs+Router1(config)#aaa accounting system default stop-only group tacacs+Router1(config)#endRouter1#
Discussion
In addition to capturing keystroke logs, AAA accounting can gather other useful pieces of information, such as exec, connection, and system events:
- exec
This feature captures and timestamps the beginning and ending of a user’s Exec session on the router.
- connection
This allows you to gather information about outgoing connections using an interactive protocol such as Telnet, SSH, or RSH.
- system
When you enable this feature, AAA forwards information about system events such as router reboots or the disabling of AAA accounting.
Here is an example of an exec log entry:
Fri Jan 3 11:11:40 2003 toronto ijbrown tty67 172.25.1.1 start task_id=514 start_time=1041610300 timezone=EST service=shell Fri Jan 3 11:18:47 2003 toronto ijbrown tty67 172.25.1.1 stop task_id=514 start_time=1041610300 timezone=EST service=shell disc-cause=1 disc-cause-ext=1020 connect-progress=101 elapsed_time=427 nas-rx-speed=0 nas-tx-speed=0
These two records show ...