[j-nsp] Supporting Audit Requirements in JUNOS

Stacy W. Smith stacy at acm.org
Wed Jul 23 11:54:55 EDT 2008

Taking a slightly different tack...

Maybe "set system archival configuration transfer-on-commit" would  
meet your requirements?


On Jul 23, 2008, at 9:23 AM, Stefan Fouant wrote:

> We are currently using TACACS+ for authorization, but not
> accounting... I suppose we could enable TACACS+ for accounting as
> well, but was worried about the induced latency between our TACACS+
> servers and some of our nodes which in some cases are separated by
> many router hops and thousands of miles of fiber.
> On Wed, Jul 23, 2008 at 11:16 AM, Eugeniu Patrascu  
> <eugen at imacandi.net> wrote:
>> Jose Madrid wrote:
>>> Going back to Christian's point, Rancid doesn't know who made the
>>> changes and if there are multiple changes between rancid run- 
>>> times, it
>>> will pick up various changes and not just the one in particular.  I
>>> currently use a mixture of rancid and logs from devices to see who
>>> logged in at a time nearest when the change was picked up.  This is
>>> less than ideal solution, but all we currently have.
>> Wouldn't TACACS+ solve the 'who' and the 'what' and the 'when' ?
>> Parsing the log files and summarizing them shouldn't take log for a  
>> Perl
>> guy.
> -- 
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list