I have spent the past few weeks configuring Cisco Secure ACS TACACS+ for Active Directory authentication and authorization. The AAA accounting for change management, however, proved to be difficult. I have used and set up the “Archive” feature for years now; however, I did not know that I could send this to a syslog server using “notify syslog”. I actually prefer “Archive” to AAA accounting; it is so much simpler to set up.
Switch#config term
Switch(config)#archive
Switch(config-archive)#log config
Switch(config-archive-log-cfg)#logging enable
Switch(config-archive-log-cfg)#logging size 500
Switch(config-archive-log-cfg)#hidekeys
Switch(config-archive-log-cfg)#notify syslog
Switch#sh archive log config all
The configuration I have above will track the user and all the commands he/she issues, store them on the local switch, and send them to syslog. Maybe in the next article I can do Cisco Secure ACS, but there’s really nothing special there, although I am using the VM version of ACS v5.3, which is probably worth mentioning.
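An added example, not from the original post: a short Python script for the syslog side that parses the messages “notify syslog” produces, groups commands by user, and flags commands that weaken the change log itself. The `%PARSER-5-CFGLOG_LOGGEDCMD` line layout, the sample lines and the watch list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of the message that "notify syslog" emits:
#   %PARSER-5-CFGLOG_LOGGEDCMD: User:<name>  logged command:<command>
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watch list: commands that weaken the change log itself.
TAMPER = re.compile(r"^no\s+(archive|logging|notify syslog|hidekeys)\b", re.I)

# Constructed sample lines as a syslog server might store them.
SAMPLE = """\
Mar  3 10:15:01 10.0.0.2 45: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet0/1
Mar  3 10:15:09 10.0.0.2 46: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:switchport access vlan 20
Mar  3 10:15:20 10.0.0.2 47: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (10.0.0.50)
Mar  3 11:02:40 10.0.0.2 48: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:archive
Mar  3 11:02:44 10.0.0.2 49: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:log config
Mar  3 11:02:51 10.0.0.2 50: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no hidekeys
"""

def parse_changes(text):
    """Return (user, command) pairs, skipping unrelated syslog lines."""
    changes = []
    for line in text.splitlines():
        m = CFGLOG.search(line)
        if m:
            changes.append((m.group("user"), m.group("cmd").strip()))
    return changes

def audit(text):
    """Group commands per user and list the ones on the watch list."""
    per_user = defaultdict(list)
    alerts = []
    for user, cmd in parse_changes(text):
        per_user[user].append(cmd)
        if TAMPER.search(cmd):
            alerts.append((user, cmd))
    return dict(per_user), alerts

if __name__ == "__main__":
    per_user, alerts = audit(SAMPLE)
    for user, cmds in per_user.items():
        print(f"{user}: {len(cmds)} command(s)")
    for user, cmd in alerts:
        print(f"ALERT {user}: {cmd}")
```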