Accounting Events; Specifying When To Create Accounting Records - Cisco WS-X6066-SLB-APC - Content Switching Module Software Manual

Chapter 21 Configuring Switch Access Using AAA
The accounting protocol operates in a client-server model, using TCP for transport. The NAS acts as the
client and the accounting server acts as the daemon. The NAS sends accounting information to the
server. The server, after successfully processing the information, sends a response to the NAS,
acknowledging the request. All transactions between the NAS and server are authenticated using a key.
Once accounting has been enabled and an accountable event occurs on the system, the accounting
information is gathered dynamically in memory. When the event ends, an accounting record is created
and sent to the NAS, and then the system deletes the record from memory. The amount of memory used
by the NAS for accounting varies depending on the number of concurrent accountable events.

Accounting Events

You can configure accounting for the following types of events:
•
•
•
•

Specifying When to Create Accounting Records

You configure the switch to gather accounting information to create records. When you configure
accounting (using the set accounting commands), the switch can generate two types of records:
•
•
Accounting records are created and sent to the server at two events:
•
•
78-13315-02
EXEC mode accounting—Provides information about user EXEC sessions (normal login sessions)
on the NAS (includes the duration of the EXEC session but does not include traffic statistics).
Connect accounting—Provides information about all outbound connections from the NAS (such as
Telnet, rlogin).
Note If you get a connection immediately upon login and then your connection terminates, the
EXEC and connect events overlap and have almost identical start and stop times.
System accounting—Provides information on system events not related to users (includes system
reset, system boot, and user configuration of accounting).
Command accounting—Sends a record for each command issued by the user. This permits audit trail
information to be gathered.
Start records—Include partial information of the event (when the event started, type of service, and
traffic statistics).
Stop records—Include complete information of the event (when the event started, its duration, type
of service, and traffic statistics).
Start-stop—Records are sent at both the start and stop of an action if the action has duration. If the
NAS fails to send the accounting record at the start of the action, it still allows you to proceed with
the action.
Stop-only—Records are sent only at the termination of the event. Commands are assumed to have
zero duration, so only stop records are generated for command accounting. No users are associated
with system events; therefore, the start-stop option in the set accounting system command is
ignored for system events.
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
Understanding How Accounting Works
21-57