TACACS+ accounting was first supported within BIG-IP version 10.2.0. Within this article we will show your the commands required to enable this feature.
Configure
First of all you will need to enable accounting within your authentication settings (this can be found within the GUI under ‘System / Users / Authentication’)
modify sys db config.auditing.forward.destination value 162.13.46.12 modify sys db config.auditing.forward.sharedsecret value abc123 modify sys db config.auditing.forward.type value tacacs+ modify sys db config.auditing value info <-- logs cli changes modify sys db log.mcpd.level value info <-- logs gui changes save /sys config
Output
Below provides a sample of the accounting output (taken from the TACACS+ server).
[email protected]:~# tail -f /var/log/tac_plus.acct Jul 26 15:47:01 86.147.23.10 user1 unknown unknown update service=system protocol=ip task_id=41 start_time=1374853572 event=cmd_acct rea 0 - obj_delete { monitor { monitor_ name "MON-HTTP-SALT" monitor_owner 1 } } [Status=Command OK]
Reference
Below are the references used to build this the configuration within this article.
v.10 – Remote Authorization via TACACS+
Configuring remote RADIUS or TACACS+ accounting
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an F5 Loadbalancers expert?
Here is our hand-picked selection of the best courses you can find online:
F5 BIG-IP 101 Certification Exam – Complete Course
F5 BIG-IP 201 Certification Exam – Complete Course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial