cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Tacacs accounting support

Hi,

I have several clusters spread across the globe and i am using Tacacs+ authentication. Does anyone know if checkpoint  R77.30 or R80.10 supports accounting features like send to the tacacs server all the commands and configurations made by the serveral administrators? 

Thank you

Tags (2)
3 Replies
Admin
Admin

Re: Tacacs accounting support

I assume we're talking about Gaia OS commands.

Through TACACS+ Accounting? Not to my knowledge.

However, the commands entered are sent to syslog, which could be centrally collected.

Aug  2 17:14:55 2018 GW xpand[5368]: admin localhost t +volatile:clish:admin:15862 t

Aug  2 17:14:55 2018 GW clish[15862]: User admin logged in with ReadWrite permission

Aug  2 17:14:58 2018 GW clish[15862]: cmd by admin: Start executing : show interface ... (cmd md5: 47fdeb5c773b9dac74c9fe311686ca76)

Aug  2 17:14:58 2018 GW clish[15862]: cmd by admin: Processing : show interface eth0 (cmd md5: 47fdeb5c773b9dac74c9fe311686ca76)

Aug  2 17:15:00 2018 GW xpand[5368]: admin localhost t -volatile:clish:admin:15862 

Aug  2 17:15:00 2018 GW clish[15862]: User admin logged out  from CLI shell

0 Kudos

Re: Tacacs accounting support

Indeed i did not find any information about the accouting on tacacs but i will parse and use the syslog. Thank you for the tip! Smiley Happy

0 Kudos
Admin
Admin

Re: Tacacs accounting support

You may see some noise with this method as several automated commands from admin will also show up.

For users who don't log in as admin, it will definitely be helpful to know what they did Smiley Happy