<div dir="ltr">Provide the entire accounting record rather than a description of it and we'll be able to help you more. But, that is not what tac_plus would show when a user goes into enable.<div><br></div><div>This is what it shows from an Arista:</div><div><br></div><div><div>Apr 14 16:33:36<span class="" style="white-space:pre"> </span>10.244.165.35<span class="" style="white-space:pre"> </span>jfraizer<span class="" style="white-space:pre"> </span>ssh<span class="" style="white-space:pre"> </span>192.168.56.1<span class="" style="white-space:pre"> </span>stop<span class="" style="white-space:pre"> </span>task_id=21<span class="" style="white-space:pre"> </span>service=shell<span class="" style="white-space:pre"> </span>priv-lvl=1<span class="" style="white-space:pre"> </span>start_time=1429029214<span class="" style="white-space:pre"> </span>timezone=UTC<span class="" style="white-space:pre"> </span>cmd=enable <cr></div></div><div><br></div><div>And here is what it shows from a Cisco CSR1000v:</div><div><br></div><div><div>Apr 14 16:34:43<span class="" style="white-space:pre"> </span>10.244.165.36<span class="" style="white-space:pre"> </span>jfraizer<span class="" style="white-space:pre"> </span>tty1<span class="" style="white-space:pre"> </span>192.168.56.1<span class="" style="white-space:pre"> </span>stop<span class="" style="white-space:pre"> </span>task_id=3<span class="" style="white-space:pre"> </span>timezone=UTC<span class="" style="white-space:pre"> </span>service=shell<span class="" style="white-space:pre"> </span>priv-lvl=1<span class="" style="white-space:pre"> </span>cmd=enable <cr></div></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>--</div>John Fraizer<div>LinkedIn profile: <a href="http://www.linkedin.com/in/johnfraizer/" target="_blank">http://www.linkedin.com/in/johnfraizer/</a></div><div><br><div><span style="color:rgb(53,53,53);font-family:Arial,sans-serif;font-size:12px;line-height:12px;background-color:rgb(244,244,244)"><br></span></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Apr 14, 2015 at 9:28 AM, Munroe Sollog <span dir="ltr"><<a href="mailto:mus3@lehigh.edu" target="_blank">mus3@lehigh.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
I'm using tac_plus as an audit history for all users, and I'm noticing that the accounting log is<br>
logging:<br>
<br>
cmd=connect <enable password> <cr><br>
<br>
I believe it is whenever someone types in 'enable' <cr> '<enable password>'<br>
<br>
Does this make sense, and if so any advice on how to get tac_plus to not save the password in the<br>
audit log?<br>
<br>
for reference:<br>
$ tac_plus -v<br>
tac_plus version F4.0.4.27a<br>
ACLS<br>
FIONBIO<br>
LIBWRAP<br>
LINUX<br>
LITTLE_ENDIAN<br>
LOG_DAEMON<br>
PAM<br>
NO_PWAGE<br>
REAPCHILD<br>
RETSIGTYPE RETSIGTYPE<br>
SHADOW_PASSWORDS<br>
SIGTSTP<br>
SIGTTIN<br>
SIGTTOU<br>
SO_REUSEADDR<br>
STRERROR<br>
TAC_PLUS_PORT<br>
UENABLE<br>
__STDC__<br>
<br>
<br>
<br>
Thanks.<br>
<br>
- --<br>
Munroe Sollog<br>
LTS - Network Analyst<br>
x85002<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.12 (GNU/Linux)<br>
<br>
iQEcBAEBAgAGBQJVLUA5AAoJEPbbZiWCKDVCIcsH/0MMz1sYAQFY4FXMzLUrKa0E<br>
IYJxEuM7QWkQ6wIfFhdf51xOBuepKytGK3JlWuGZaZMdENgEZj/bD4BNxS+4ukAj<br>
fR8xuQSy6AooQLYgdcfJYd/g7udhVmrhBhCDCGQz3HCHKfJyp2V4XmCZPfMVy7EA<br>
7NMhfbPto7nPEkVtDqrjBShgXohrf0OtMXMbdWxljJ+W7P/+nEc4+vfRz/CSpd1a<br>
PnHlwYLRaBIo921xB7I3SiPJqUPhI8i8s52HuzcmJacfT5TypQ9pY08X712QUztJ<br>
zpsFsX2xS3tyWingWKhrqWMtuFpFIWwTeQ7mIOqqd5NTHDhL3DupC1jBOWp2vfA=<br>
=FXGG<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</blockquote></div><br></div>