|
|
This chapter contains information about the CiscoSecure UNIX Server software accounting database file and how to enable accounting using the software.
In Cisco IOS Release 11.0 and later, the TACACS+ protocol provides accounting information which includes start and stop times, login duration, and network resources used. CiscoSecure UNIX Server software records accounting information into an accounting file which is specified in the server control file. However, if your system has limited file storage space, you can configure the system to allow accounting information to be dropped rather than written to a file. This, together with the extensible accounting function, gives you flexibility in using resources without necessarily requiring large file storage capacity.
You only need to configure one accounting parameter, the accounting filename. All accounting records are written as text to this file. The filename is configured in the server control file as follows:
STRING config_accounting_database_filename = "./accounting";
An accounting record is structured as follows:
char nas_name[] /* NAS name */ char user_name[] /* username */ char port_name[] /* port the connection is on */ char remote_address[] /* where the user connected from */ char record_type[] /* (start, update, stop etc) */ char server_name[] /* name of the host CiscoSecure server */ char attribute_value_pair[] /* there are an arbitrary number of these */
Typical values in the accounting attribute_value_pair are listed inTable 5-1.
| Attribute | Value(s) |
|---|---|
| event_id | Start and stop records for the same event will have matching (unique) event_id's |
| start_time | The time the action started (in seconds since the epoch, 12:00 midnight January 1, 1970). |
| stop_time | The time the action stopped (in seconds since the epoch). |
| elapsed_time | The elapsed time in seconds for the action. Useful when the device does not have real time. |
| bytes | The number of bytes transferred by this action. |
| bytes_in | The number of input bytes transferred by this action. |
| bytes_out | The number of output bytes transferred by this action. |
| packets | The number of packets transferred by this action. |
| packets_in | The number of input packets transferred by this action. |
| packets_out | The number of output packets transferred by this action. |
| status | The numeric status value associated with the action. This is a signed four-byte word in network byte order. 0 is defined as success. Negative numbers indicate errors; positive numbers indicate nonerror failures. The exact status values may be defined by the client. |
| err_msg | An ASCII string describing the status of the action. |
Each accounting record is terminated by the newline character (\n), and individual fields are separated by a tab character; record lengths are not fixed. All numeric values in attribute_value_pair strings are sent and recorded as decimal ASCII numbers. The accounting record file consists of a sequence of such records, written to stable storage on a periodic, configurable basis.
The following is sample output of the accounting system (with each line wrapped to fit onto the page):
cisco.smallworks.com jes tty2 192.207.126.16 start server=server1 time=10:17:38 date=12/10/95 task_id=15994 service=exec port=2 cisco.smallworks.com jes tty2 192.207.126.16 start server=server1 time=10:17:38 date=12/10/95 task_id=15994 service=exec port=2 service=exec port=2 cisco.smallworks.com jes tty1 async start server=server1 time=10:25:06 date=12/10/95 task_id=8125 service=exec port=1 cisco.smallworks.com jes tty1 async start server=server1 time=10:25:06 date=12/10/95 task_id=8125 service=exec port=1 service=exec port=1 cisco.smallworks.com jes tty1 async stop server=server1 time=10:25:16 date=12/10/95 task_id=8125 service=exec port=1 service=exec port=1 elapsed_time=10 cisco.smallworks.com jes tty1 async start server=server1 time=10:25:35 date=12/10/95 task_id=38633 service=exec port=1 cisco.smallworks.com jes tty1 async start server=server1 time=10:25:35 date=12/10/95 task_id=38633 service=exec port=1 service=exec port=1 cisco.smallworks.com jes tty1 async stop server=server1 time=10:26:23 date=12/10/95 task_id=38633 service=exec port=1 service=exec port=1 elapsed_time=48 cisco.smallworks.com terry tty1 async start server=server1 time=10:27:08 date=12/10/95 task_id=64426 service=exec port=1 cisco.smallworks.com terry tty1 async start server=server1 time=10:27:08 date=12/10/95 task_id=64426 service=exec port=1 service=exec port=1 cisco.smallworks.com terry tty1 async stop server=server1 time=10:27:18 date=12/10/95 task_id=64426 service=exec port=1 service=exec port=1 elapsed_time=10 cisco.smallworks.com terry tty1 async start server=server1 time=10:27:52 date=12/10/95 task_id=40924 service=exec port=1 cisco.smallworks.com terry tty1 async start server=server1 time=10:27:52 date=12/10/95 task_id=40924 service=exec port=1 service=exec port=1 cisco.smallworks.com terry tty1 async stop server=server1 time=10:38:07 date=12/10/95 task_id=40924 service=exec port=1 service=exec port=1 elapsed_time=615 cisco.smallworks.com jes tty1 async start server=server1 time=10:38:38 date=12/10/95 task_id=29949 service=exec port=1 cisco.smallworks.com jes tty1 async stop server=server1 time=10:38:41 date=12/10/95 task_id=29949 service=exec port=1 service=exec port=1 elapsed_time=4 cisco.smallworks.com jes tty2 192.207.126.16 stop server=server1 time=11:31:39 date=12/10/95 task_id=15994 service=exec port=2 service=exec port=2 elapsed_time=4441 cisco.smallworks.com terry tty2 192.207.126.16 start server=server1 time=12:14:26 date=12/10/95 task_id=14192 service=exec port=2 cisco.smallworks.com terry tty2 192.207.126.16 start server=server1 time=12:14:26 date=12/10/95 task_id=14192 service=exec port=2 service=exec port=2 cisco.smallworks.com terry tty2 192.207.126.16 stop server=server1 time=12:15:24 date=12/10/95 task_id=14192 service=exec port=2 service=exec port=2 elapsed_time=58 cisco.smallworks.com jes tty2 192.207.126.16 start server=server1 time=06:05:10 date=12/11/95 task_id=28406 service=exec port=2 cisco.smallworks.com jes tty2 192.207.126.16 start server=server1 time=06:05:10 date=12/11/95 task_id=28406 service=exec port=2 service=exec port=2
Before each write operation, CiscoSecure UNIX Server software checks the accounting file to see if its filename has changed and, if it has, the existing accounting file is closed and a new copy of the file is opened. This prevents any loss of data when you are archiving accounting data while CiscoSecure UNIX Server software is running.
|
|