tacacs+ logging

eliufoo · 08-15-2010, 02:51 PM

hi guys,

I just completed testing and configuring tac_plus on Centos. I have been testing my configs with network equipments (Cisco) for authentication, authorization and accounting and all services work well.

My problem: when i start tac_plus using the following command

/usr/sbin/tac_plus -C test_file3 -d 40

All tacss_plus logs are sent to /var/log/tac_plus.log

When I start tac_plus using the following command.

/etc/init.d/tac_plus start|restart|reload

logs are sent to /var/log/messages.

How can I change and have all logs to be sent to /var/log/tac_plus.log when using */etc/init.d/tac_plus*

My tac_plus.conf file.

Quote:

# Set up accounting file if enabling accounting on NAS
accounting file = /var/log/tac.log

# Enable password setup for everyone:
user = $enable$ {
login = cleartext "cisco"
}

# Group listings must be first:
group = admin {
# Users in group 'admin' have cleartext password
login = cleartext "admin"
expires = "Dec 31 1999"
}
group = operators {
# Users in group 'operators' have cleartext password
login = cleartext "operator"
expires = "Dec 31 1999"
}
group = transients {
# Users in group 'transient' have cleartext password
login = cleartext "transient"
expires = "Dec 31 1999"
}
# This user is a member of group 'admin' & uses that group's password to log in.
# The $enable$ password is used to enter enable mode. The user can perform all commands.
user = authenuser {
default service = permit
member = admin
}
# This user is limitted in allowed commands when aaa authorization is enabled:
user = telnet {
login = cleartext "telnet"
cmd = telnet { permit .* }
cmd = logout { permit .* } }
# user = transient {
# member = transients
# service = exec {
# When transient logs on to the NAS, he's immediately
# zipped to another site # autocmd = "telnet #.#.#.#" # } # }
# This user is a member of group 'operators' # & uses that group's password to log in
user = authenuser {
member = operators
# Since this user does not have 'default service = permit' when command
# authorization through TACACS+ is on at the router, this user's commands
# are limited to:
cmd = show { permit ver permit ip }
cmd = traceroute { permit .* }
cmd = logout { permit .* }
}

unSpawn · 10-14-2010, 03:00 PM

Quote:

Originally Posted by eliufoo

How can I change and have all logs to be sent to /var/log/tac_plus.log when using /etc/init.d/tac_plus

- What configuration file gets used in the init script?
- What command does the init script eventually run when you start it?
What I mean is that inspection might show the init script runs '/usr/sbin/tac_plus -C /etc/tacacs.conf' (location, conf containing something like "accounting = syslog") or it runs '/usr/sbin/tac_plus -C /etc/tacacs/tac_plus.cfg -l syslog (location, logging configured on command line).

//NTLB

amorastrid · 01-04-2012, 07:32 AM

Hey Guys,

I am having a very similar problem with my tac + logging to syslog. Can you tell me how you solved the problem of having it log to the tac_plus.log file instead of the syslog messages?

Thanks

Quote:

Originally Posted by unSpawn

- What configuration file gets used in the init script?
- What command does the init script eventually run when you start it?
What I mean is that inspection might show the init script runs '/usr/sbin/tac_plus -C /etc/tacacs.conf' (location, conf containing something like "accounting = syslog") or it runs '/usr/sbin/tac_plus -C /etc/tacacs/tac_plus.cfg -l syslog (location, logging configured on command line).

//NTLB