[c-nsp] OT: TACACS+ help
Gert Doering
gert at greenie.muc.de
Sat Aug 28 18:02:22 EDT 2004
Hi,
On Sun, Aug 29, 2004 at 12:39:58AM +0530, Amol Sapkal wrote:
> Does anyone know of a linux-based TACACS server which can help me log
> the 'exact command' that an user who has run either in exec or config
> mode?
As far as I can see, the routers do not log the exact command (that is:
"the string the user has entered") to TACACS, but "what the router thought
the command was".
So if I type "sh run", the TACACS-Server will log "show running-config",
and I'm fairly sure that this translation doesn't happen in the server
(because we use a very old copy of the Cisco freeware TACACS+ server, and
this does happen as well for lots of commands that have been introduced
years later, so the server cannot possibly know about them...).
This means that the choice of server won't have an effect here.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list