Tacacs+ Fortigate Accounting #105
Comments
|
Hi Daniel, using ${args} in an accounting format string should work:
Also, please git pull, I've just recognized that I didn't initialize some logging variables (service, protocol) in accounting context. Thanks, Marc |
|
Hi Marc, unfortunately I got this error messages, I did the git pull before and install the new version. Below is the output from Version 81f704d initialized Cheers, Daniel. |
|
Hi Daniel, please add the format specs to the log definition, such as:. Cheers, Marc |
|
Hi Marc, thanks for your advice, it works. It would be nice, if it's possible to get only the reason="Add firewall.address 2.2.2.2" or reason="Edit firewall.address 2.2.2.2", instead of event= stop_time= too, but for the first iteration it's enough, because the manufacturer has to fix some tacacs+ implementation on the device. Many thanks for your help, cheers, Daniel. |
|
Hi Daniel, thanks, so I assume it's safe to close this issue. Cheers, Marc |
Hi Marc,
I've a Fortigate device, which should be accounted too. The mainly problem is the cmd field shows only (show, get) instead of show user tacacs+ or get system status. It's really weird, if I want to audit it. The point of interest for Fortigate seems to be the field reason, see attachment.
Is there some options to get the field reason on the accounting file?
Regarding to the documentation, it's possible to modify the log format, but it ends with an error.
Error /etc/tac_plus-ng/tac_plus-ng.cfg:24: Expected 'log', but got 'format'Thank you and cheers,
Daniel.
The text was updated successfully, but these errors were encountered: