If you use a Terminal Access Controller Access-Control System Plus (
TACACS+) server for user authorization and
authentication, you can now
log accounting information to fully make
use of the authentication, authorization, and accounting (AAA) framework that is the
basis for TACACS+.
The TACACS+ Accounting feature allows you to use a TACACS+ server profile
to record user behavior, such as when a user started using a specific service, the
duration of use for the service, and when they stopped using the service. The
TACACS+ Accounting feature helps to create logs and records of the initiation and
termination of services, as well as any services in progress during the user’s
session, that you can then use later if needed for auditing purposes.
When you configure and enable an Accounting server profile, the TACACS+ server
provides information to the firewall about the initiation, duration, and termination
of services by users. The firewall also generates a log when the TACACS+ server
successfully provides the accounting records to the server that you configure in the
profile. If the firewall is unable to successfully send the accounting records to
any of the servers in the profile, the firewall generates a critical severity alert
to the system logs.
By using your existing TACACS+ server, you can now configure it to provide even more
information about the use of services by users on your network, giving you even more
robust visibility into user activity on your network.