Accounting
Command Authorization and Logging
112
G8264 Application Guide for ENOS 8.4
Accounting is the action of recording a userʹs activities on the device for the
purposes of billing and/or security. It follows the authentication and authorization
actions. If the authentication and authorization is not performed via TACACS+,
there are no TACACS+ accounting messages sent out.
You can use TACACS+ to record and track software login access, configuration
changes, and interactive commands.
The G8264 supports the following TACACS+ accounting attributes:
protocol (console/Telnet/SSH/HTTP/HTTPS)
start_time
stop_time
elapsed_time
disc_cause
Note: When using the Browser‐Based Interface, the TACACS+ Accounting Stop
records are sent only if the Logout button on the browser is clicked.
When TACACS+ Command Authorization is enabled, ENOS configuration
commands are sent to the TACACS+ server for authorization. Use the following
command to enable TACACS+ Command Authorization:
RS G8264(config)# tacacsserver commandauthorization
When TACACS+ Command Logging is enabled, ENOS configuration commands
are logged on the TACACS+ server. Use the following command to enable
TACACS+ Command Logging:
RS G8264(config)# tacacsserver commandlogging
The following examples illustrate the format of ENOS commands sent to the
TACACS+ server:
authorization request, cmd=shell, cmdarg=interface ip
accounting request, cmd=shell, cmdarg=interface ip
authorization request, cmd=shell, cmdarg=enable
accounting request, cmd=shell, cmdarg=enable