[j-nsp] Supporting Audit Requirements in JUNOS

Stefan Fouant sfouant at gmail.com
Wed Jul 23 11:23:02 EDT 2008


We are currently using TACACS+ for authorization, but not
accounting... I suppose we could enable TACACS+ for accounting as
well, but was worried about the induced latency between our TACACS+
servers and some of our nodes which in some cases are separated by
many router hops and thousands of miles of fiber.

On Wed, Jul 23, 2008 at 11:16 AM, Eugeniu Patrascu <eugen at imacandi.net> wrote:
> Jose Madrid wrote:
>>
>> Going back to Christian's point, Rancid doesn't know who made the
>> changes and if there are multiple changes between rancid run-times, it
>> will pick up various changes and not just the one in particular.  I
>> currently use a mixture of rancid and logs from devices to see who
>> logged in at a time nearest when the change was picked up.  This is
>> a less than ideal solution, but all we currently have.
>>
>
> Wouldn't TACACS+ solve the 'who' and the 'what' and the 'when' ?
> Parsing the log files and summarizing them shouldn't take long for a Perl
> guy.
>



-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D

