TACACS Log

this section contains the kron pam tacacs accounting logs commands executed in the session are stored in the database and sent to the syslog server if they are defined the packets are sent to the server in the following format username the username that executed the command userid specific id of the user in the pam database nasipaddress the ip address of the target device nashostname the ip hostname of the target device tenantid tenant that the event was created nasporttype port of the target device callingstationid source ip of the device that executed the command privelegelevel allowed privileged level command what command was executed allowed if the executed command is allowed by the administrator or not if allowed=true authorized, the command can be executed if allowed=false unauthorized, the command can’t be executed commandtime exact time the command was executed instancename the instance to which the executed command is sent for accounting devicegroups the group name of the target device example the show clock command was executed on tacacs, and is configured as black key on kron pam {username='tacacsuser', userid='b8bcf3e4 b4ba 456b 8dbe c604f65cc6c8', nasipaddress='10 10 10 10', nashostname='10 10 10 10', tenantid='krontech', nasporttype='tty3', callingstationid='10 0 1 11', privilegelevel='1', command='show clock', allowed=false, commandtime=2025 04 21 16 15 24 0, instancename='localhost localdomain', devicegroups='cisco tacacs device'} the show running config command was executed on tacacs, and is configured as black key on kron pam {username='tacacsuser', userid='b8bcf3e4 b4ba 456b 8dbe c604f65cc6c8', nasipaddress='10 10 10 10', nashostname='10 10 10 10', tenantid='krontech', nasporttype='tty3', callingstationid='10 0 1 11', privilegelevel='15', command='show running config \<cr>', allowed=true, commandtime=2025 04 21 16 15 24 0, instancename='localhost localdomain', devicegroups='cisco tacacs device'}