1.1.4.1 exec accounting

Information

The router reports user activity to the TACACS+ or RADIUS security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access for devices. Centralizing control improves the consistency of access control and of the services that may be accessed once authenticated, and improves accountability by tracking the services accessed. Additionally, centralizing access control simplifies account provisioning and de-provisioning and reduces its administrative cost, especially when managing a large number of devices. AAA accounting provides a management and audit trail for user and administrative sessions through TACACS+.

Solution

Configure an accounting list that includes, for example, the TACACS+ or RADIUS server group defined in the prerequisites, or local, or both:

IOSXR(config)#aaa accounting exec default start-stop group {tacacs_group|radius_group}
IOSXR(config)#line console accounting exec default
IOSXR(config)#line default accounting exec default

Note: exec accounting doesn't support the "local" / syslog target.
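
The following audit check is an added example, not part of the benchmark or of the plugin: it verifies that a saved configuration contains the three settings above. It assumes the configuration text uses the indented layout in which "line console" and "line default" are followed by their sub-commands (the one-line form typed above is also accepted); the group name and sample configurations are constructed.

```python
import re

# Constructed samples; TACACS_GROUP is a placeholder server-group name.
SAMPLE_COMPLIANT = """\
aaa accounting exec default start-stop group TACACS_GROUP
!
line console
 accounting exec default
!
line default
 accounting exec default
!
"""
# Same configuration with exec accounting missing from the console line.
SAMPLE_GAP = SAMPLE_COMPLIANT.replace(
    "line console\n accounting exec default", "line console\n exec-timeout 10 0")

AAA_RE = re.compile(r"^aaa accounting exec default start-stop group (\S+)\s*$")

def parse_blocks(config):
    """Map each top-level line to the indented child lines that follow it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
        else:
            current = line
            blocks.setdefault(current, [])
    return blocks

def check_exec_accounting(config):
    """Return a list of findings; an empty list means all three settings exist."""
    blocks = parse_blocks(config)
    findings = []
    # stop-only or a missing server group does not satisfy the recommendation
    if not any(AAA_RE.match(top) for top in blocks):
        findings.append("missing: aaa accounting exec default start-stop group <server-group>")
    for line_name in ("line console", "line default"):
        nested = "accounting exec default" in blocks.get(line_name, [])
        flat = f"{line_name} accounting exec default" in blocks
        if not (nested or flat):
            findings.append(f"missing: {line_name} accounting exec default")
    return findings

if __name__ == "__main__":
    print(check_exec_accounting(SAMPLE_GAP))
```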

Impact:

Enabling 'aaa accounting exec' records each new exec session on the router and sends the record to the accounting servers, which enables organizations to monitor and analyze the activity.

Command accounting is not supported for commands that are executed using NETCONF, XML or gRPC.

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2(1), 800-53|AU-2, 800-53|AU-7, 800-53|AU-12

Plugin: Cisco

Control ID: f3dd6fad4168be20b4c18ad9f3e2df1175430b29372748e567747183478063f2