The accounting function records who did what and for how long. Because of this, it relies
upon the authentication process to provide part of the audit trail. For this reason, it is recommended
that accounts be established with easily identified usernames—typically a lastname,
first-initial configuration. This information is coupled with six accounting types, as
described in Table 32.5.
AAA Accounting Types
Accounting Type Function
Command Documents the commands submitted by the user and the privilege
level associated with them.
Connection Provides auditing of all outbound connections.
EXEC Logs user EXEC terminal sessions.
Network Audits all PPP, SLIP, and ARAP session traffic counts, including number
of packets and total bytes.
System Records system-level events.
Resource Provides information regarding connections that have failed, enabling
the administrator to evaluate user attempts.
The configuration of accounting is fairly simple, but there are a few choices that should be
considered. Table 32.6 provides a subset of the more common commands. Administrators
will need to balance the desire to obtain complete accounting records against the overhead
incurred. In Table 32.6, there is a function that is being accounted for that includes commands,
connections, system events, and so on. There is a method used to account for those
functions that includes start-stop, stop-only, and wait-start, and the server type to send this
information to.