[c-nsp] OT: TACACS+ help
Amol Sapkal
amolsapkal at gmail.com
Sat Aug 28 19:08:06 EDT 2004
Thats ok.
Its fine, if I can know what command was executed.
Basically, my final aim is to track changes.
Could you help me with what package are you talking of?
Is this the TACACS+ package made available by cisco?
If you got a link, it would be great!
TIA,
Amol Sapkal
On Sun, 29 Aug 2004 00:02:22 +0200, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Sun, Aug 29, 2004 at 12:39:58AM +0530, Amol Sapkal wrote:
> > Does anyone know of a linux-based TACACS server which can help me log
> > the 'exact command' that an user who has run either in exec or config
> > mode?
>
> As far as I can see, the routers do not log the exact command (that is:
> "the string the user has entered") to TACACS, but "what the router thought
> the command was".
>
> So if I type "sh run", the TACACS-Server will log "show running-config",
> and I'm fairly sure that this translation doesn't happen in the server
> (because we use a very old copy of the Cisco freeware TACACS+ server, and
> this does happen as well for lots of commands that have been introduced
> years later, so the server cannot possibly know about them...).
>
> This means that the choice of server won't have an effect here.
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert at greenie.muc.de
> fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
>
More information about the cisco-nsp
mailing list