Router Security Configuration Guide (UNCLASSIFIED), Version 1.0g, page 142

Routers send their accounting records to the security server for storage. Information in an accounting record includes the user's identity, the usage start and stop times, the number of packets and bytes, and the command that was executed. AAA accounting can only use the TACACS+ or RADIUS security servers for record logging.

As with authentication and authorization, you configure AAA accounting by defining a list of accounting methods. If the list is a named list, it must be applied to the appropriate lines and interfaces. The list defines the accounting methods for the indicated accounting type. For an accounting type, if a default list is not defined and a named list is not applied to the line, then no accounting will occur for that type on that line.

There are several types of accounting which can be turned on: exec, network, connection, command, and system. All types are supported by TACACS+, but RADIUS does not support command or system.

- network accounting – Provides information for PPP, SLIP, and ARAP protocols. The information includes the number of packets and bytes.

- EXEC accounting – Provides information about user EXEC sessions on the network access server. The information includes the username, date, start and stop times, IP address of the access server, and, for dial-in users, the telephone number the call originated from.

- connection accounting – Provides information about all outbound connections made from the network access server. This includes telnet, rlogin, and others such as local-area transport (LAT), TN3270, and packet assembler/disassembler (PAD).

- commands – This applies to commands which are entered in an EXEC shell. This option applies accounting to all commands issued at the specified privilege level. If accounting is turned on for level 15 and a user logged in at enable level 15 runs a level 1 exec command, no audit event will be generated. Accounting records are generated based upon the level of the command, not the level of the user. Accounting records include the command, date, time, and the user. Cisco's implementation of RADIUS does not support command accounting.

- system – Provides information about system-level events. This includes events such as system reboots and accounting being turned on or off. Note that system accounting will only use the default list. Cisco's implementation of RADIUS does not support system accounting.

AAA accounting requires that AAA is enabled, that security servers are defined, and that a security server is specified for each desired accounting type. Each accounting record consists of accounting AV pairs and is stored on the access control server. Accounting can also be configured so that a user-requested action cannot occur until an acknowledgement is received from the security server stating that the accounting record has been saved.