TACACS Log
This section contains the Kron PAM TACACS Accounting logs. Commands executed in the session are stored in the database and sent to the Syslog server if they are defined. The packets are sent to the server in the following format:
userName | The username that executed the command |
---|---|
userId | Specific ID of the user in the PAM Database |
nasIpAddress | The IP address of the target device |
nasHostName | The IP hostname of the target device |
tenantId | Tenant that the event was created |
nasPortType | Port of the target device |
callingStationId | Source IP of the device that executed the command |
privelegeLevel | Allowed privileged level |
command | What command was executed |
allowed | If the executed command is allowed by the administrator or not If allowed=true: authorized, the command can be executed If allowed=false: unauthorized, the command canβt be executed |
commandTime | Exact time the command was executed |
instanceName | The instance to which the executed command is sent for accounting |
deviceGroups | The Group name of the target device |
Example:
The show clock command was executed on TACACS, and is configured as Black Key on Kron PAM:
The show running-config command was executed on TACACS, and is configured as Black Key on Kron PAM:
ο»Ώ