-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tacacs+ Fortigate Accounting #105
Comments
Hi Daniel, using ${args} in an accounting format string should work:
Also, please git pull, I've just recognized that I didn't initialize some logging variables (service, protocol) in accounting context. Thanks, Marc |
Hi Marc, unfortunately I got this error messages, I did the git pull before and install the new version. Below is the output from
Version 81f704d initialized Cheers, Daniel. |
Hi Daniel, please add the format specs to the log definition, such as:.
Cheers, Marc |
Hi Marc, thanks for your advice, it works.
It would be nice, if it's possible to get only the reason="Add firewall.address 2.2.2.2" or reason="Edit firewall.address 2.2.2.2", instead of event= stop_time= too, but for the first iteration it's enough, because the manufacturer has to fix some tacacs+ implementation on the device. Many thanks for your help, cheers, Daniel. |
Hi Daniel, thanks, so I assume it's safe to close this issue. Cheers, Marc |
Hi Marc,
I've a Fortigate device, which should be accounted too. The mainly problem is the cmd field shows only (show, get) instead of show user tacacs+ or get system status. It's really weird, if I want to audit it. The point of interest for Fortigate seems to be the field reason, see attachment.
Is there some options to get the field reason on the accounting file?
Regarding to the documentation, it's possible to modify the log format, but it ends with an error.
Error /etc/tac_plus-ng/tac_plus-ng.cfg:24: Expected 'log', but got 'format'
Thank you and cheers,
Daniel.
The text was updated successfully, but these errors were encountered: