Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Fernando_Lourei
Participant

Tacacs accounting support

Hi,

I have several clusters spread across the globe and i am using Tacacs+ authentication. Does anyone know if checkpoint  R77.30 or R80.10 supports accounting features like send to the tacacs server all the commands and configurations made by the serveral administrators? 

Thank you

5 Replies
PhoneBoy
Admin
Admin

I assume we're talking about Gaia OS commands.

Through TACACS+ Accounting? Not to my knowledge.

However, the commands entered are sent to syslog, which could be centrally collected.

Aug  2 17:14:55 2018 GW xpand[5368]: admin localhost t +volatile:clish:admin:15862 t

Aug  2 17:14:55 2018 GW clish[15862]: User admin logged in with ReadWrite permission

Aug  2 17:14:58 2018 GW clish[15862]: cmd by admin: Start executing : show interface ... (cmd md5: 47fdeb5c773b9dac74c9fe311686ca76)

Aug  2 17:14:58 2018 GW clish[15862]: cmd by admin: Processing : show interface eth0 (cmd md5: 47fdeb5c773b9dac74c9fe311686ca76)

Aug  2 17:15:00 2018 GW xpand[5368]: admin localhost t -volatile:clish:admin:15862 

Aug  2 17:15:00 2018 GW clish[15862]: User admin logged out  from CLI shell

0 Kudos
Fernando_Lourei
Participant

Indeed i did not find any information about the accouting on tacacs but i will parse and use the syslog. Thank you for the tip! Smiley Happy

0 Kudos
PhoneBoy
Admin
Admin

You may see some noise with this method as several automated commands from admin will also show up.

For users who don't log in as admin, it will definitely be helpful to know what they did Smiley Happy

Mark_Gurevich
Contributor

Hello,

Are there any plans to add accounting for TACACS+ ?
0 Kudos
Enyi_Ajoku
Collaborator

Any update on this. Thanks

0 Kudos