Learn how to use the new accounting capability for the TACACS+ server profile.
If you use a Terminal Access Controller Access-Control System Plus (TACACS+)
server for user authorization and authentication, you can now log accounting
information to make full use of the authentication, authorization, and
accounting (AAA) framework that is the basis for TACACS+.
The TACACS+ Accounting feature allows you to use a TACACS+ server profile
to record user behavior, such as when a user started using a specific service, the
duration of use for the service, and when they stopped using the service. The
TACACS+ Accounting feature helps create logs and records of the initiation and
termination of services, as well as any services in progress during the user’s
session, that you can use later for auditing purposes.
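The start, stop, and in-progress records described above correspond to the flags byte of a TACACS+ accounting REQUEST. The following is an added example, not code from this documentation or from the firewall: it decodes a request body using the layout in RFC 8907, section 7.1, and assumes the body obfuscation has already been removed. The helper `build_sample` and all sample values are constructed for illustration.

```python
import re
import struct

# Accounting flag bits from RFC 8907; only these four combinations are valid.
START, STOP, WATCHDOG = 0x02, 0x04, 0x08
RECORD_KINDS = {START: "start", STOP: "stop", WATCHDOG: "watchdog",
                WATCHDOG | START: "watchdog-update"}

def parse_accounting_request(body: bytes) -> dict:
    """Decode an unobfuscated accounting REQUEST body (RFC 8907, section 7.1)."""
    if len(body) < 9:
        raise ValueError("body shorter than the 9-byte fixed header")
    (flags, _method, priv_lvl, _atype, _service,
     user_len, port_len, rem_len, arg_cnt) = struct.unpack_from("9B", body)
    kind = RECORD_KINDS.get(flags & 0x0E)
    if kind is None:
        raise ValueError(f"invalid accounting flags 0x{flags:02x}")
    arg_lens = body[9:9 + arg_cnt]
    expected = 9 + arg_cnt + user_len + port_len + rem_len + sum(arg_lens)
    if len(arg_lens) != arg_cnt or len(body) != expected:
        raise ValueError("length fields do not match the body size")
    pos, fields = 9 + arg_cnt, []
    for size in (user_len, port_len, rem_len, *arg_lens):
        fields.append(body[pos:pos + size].decode("utf-8", "replace"))
        pos += size
    user, port, rem_addr, *raw_args = fields
    args = {}
    for raw in raw_args:
        # Each argument is "name=value" (mandatory) or "name*value" (optional).
        m = re.match(r"([^=*]+)[=*](.*)", raw, re.S)
        if m is None:
            raise ValueError(f"malformed argument {raw!r}")
        args[m.group(1)] = m.group(2)
    return {"kind": kind, "user": user, "port": port, "rem_addr": rem_addr,
            "priv_lvl": priv_lvl, "args": args}

def build_sample(flags: int, user: str, port: str, rem_addr: str, args: list) -> bytes:
    """Build a constructed request body for testing (not captured traffic)."""
    parts = [s.encode() for s in (user, port, rem_addr, *args)]
    head = bytes([flags, 0x06, 1, 1, 1,  # method, priv_lvl, type, service
                  len(parts[0]), len(parts[1]), len(parts[2]), len(args)])
    return head + bytes(len(a) for a in parts[3:]) + b"".join(parts)

if __name__ == "__main__":
    stop = build_sample(STOP, "alice", "tty0", "192.0.2.10",
                        ["task_id=42", "elapsed_time=120"])
    print(parse_accounting_request(stop))
```

Pairing a `start` and a `stop` record that share the same `task_id` gives the duration of use for a service; `task_id` and `elapsed_time` are accounting arguments defined in RFC 8907.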
When you configure and enable an Accounting server profile, the TACACS+ server
provides information to the firewall about the initiation, duration, and termination
of services by users. The firewall also generates a log when the TACACS+ server
successfully provides the accounting records to the server that you configure in the
profile. If the firewall is unable to successfully send the accounting records to
any of the servers in the profile, the firewall generates a critical severity alert
to the system logs.
By using your existing TACACS+ server, you can now configure it to provide more
information about the use of services by users on your network, giving you more
robust visibility into user activity.