The following excerpts from TACACS+ accounting logs exemplify typical success and failure cases for command accounting and login accounting.
The following examples were taken from the free TACACS+ server. The order of the attributes might vary depending on the server package, but the values are the same. The location of the accounting logs depends on the server configuration.
Command accounting examples
Wed Oct 14 10:40:40 2015 10.18.245.157 admin1 /dev/pts/0 10.70.7.36 stop task_id=1 timezone=Etc/GMT service=shell priv-lvl=0 Cmd="operational top configure terminal" Stop_time=Wed Oct 14 17:39:49 2015
Status=Succeeded
Wed Oct 14 10:42:14 2015 10.18.245.157 admin1 /dev/pts/0 10.70.7.36 stop task_id=1 timezone=Etc/GMT service=shell priv-lvl=0 Cmd="configure conf-if-eth-0/3 shutdown" Stop_time=Wed Oct 14 17:41:24 2015
Status=Succeeded
Wed Oct 14 10:42:23 2015 10.18.245.157 admin1 /dev/pts/0 10.70.7.36 stop task_id=1 timezone=Etc/GMT service=shell priv-lvl=0 Cmd="configure conf-if-eth-0/3 no shutdown" Stop_time=Wed Oct 14 17:41:33 2015
<102> 2012-04-09 15:21:43 4/9/2012 3:21:43 PM NAS_IP=10.17.37.150 Port=0 rem_addr=Console User=admin Flags=Stop task_id=1 timezone=Etc/GMT+0 service=shell priv-lvl=0 Cmd=username Stop_time=Mon Apr 9 09:43:56 2012 Status=Succeeded
Aug 19 20:57:12 10.24.12.77 admin /dev/pts/0 10.252.200.38 stop task_id=1 timezone=Etc/ config radius-server host 10.2.3" Stop_time=Fri Aug 19 08:25:56 2016
Status=%% Error: Invalid host name or IP address
Login (EXEC) accounting examples
Aug 19 21:01:46 10.24.12.77 user /dev/pts/1 10.252.200.38 start task_id=1 timezone=Etc/GMT service=shell
Aug 19 21:03:11 10.24.12.77 user /dev/pts/1 10.252.200.38 stop task_id=1 timezone=Etc/GMT service=shell elapsed_time=85 reason=admin reset