[j-nsp] Supporting Audit Requirements in JUNOS
Stacy W. Smith
stacy at acm.org
Wed Jul 23 11:54:55 EDT 2008
Taking a slightly different tack...
Maybe "set system archival configuration transfer-on-commit" would
meet your requirements?
On Jul 23, 2008, at 9:23 AM, Stefan Fouant wrote:
> We are currently using TACACS+ for authorization, but not
> accounting... I suppose we could enable TACACS+ for accounting as
> well, but was worried about the induced latency between our TACACS+
> servers and some of our nodes which in some cases are separated by
> many router hops and thousands of miles of fiber.
> On Wed, Jul 23, 2008 at 11:16 AM, Eugeniu Patrascu
> <eugen at imacandi.net> wrote:
>> Jose Madrid wrote:
>>> Going back to Christian's point, Rancid doesn't know who made the
>>> changes and if there are multiple changes between rancid run-
>>> times, it
>>> will pick up various changes and not just the one in particular. I
>>> currently use a mixture of rancid and logs from devices to see who
>>> logged in at a time nearest when the change was picked up. This is
>>> less than ideal solution, but all we currently have.
>> Wouldn't TACACS+ solve the 'who' and the 'what' and the 'when' ?
>> Parsing the log files and summarizing them shouldn't take log for a
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
> juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp