12-20
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 12 Managing Alarms
Creating, Editing, and Duplicating Alarm Thresholds
Related Topics
Creating, Editing, and Duplicating Alarm Thresholds, page 12-11
Configuring General Threshold Information, page 12-13
Configuring Threshold Notifications, page 12-32

TACACS Command Authorization

When ACS evaluates this threshold, it examines the TACACS+ accounting records that it received during
the interval between the previous and current alarm evaluation cycle.
If one or more TACACS+ accounting records match, it calculates the time that has lapsed since the
previous alarm evaluation cycle. When it reaches two, three, or five minutes depending on the number
of active thresholds, ACS examines the TACACS+ authorization records received during the interval
between the previous and current alarm evaluation cycle.
If one or more TACACS+ authorization records match a specified command, privilege level, and passed
or failed result, an alarm is triggered.
You can specify one or more filters to limit the authorization records that are considered for threshold
evaluation. Each filter is associated with a particular attribute in the records, and only those records that
match the filter condition are counted. If you specify multiple filter values, only the records that match
all the filter conditions are counted.
Choose this category to define threshold criteria based on TACACS command authorization profile.
Modify the fields in the Criteria tab as described in Table 12-14.
Table 12-13 TACACS Command Accounting
Option Description
Command Enter a TACACS command on which you want to configure your threshold.
Privilege Use the drop-down list box to select the privilege level on which you want to configure your threshold. Valid
options are:
Any
A number from 0 to 15.
Filter
User Click Select to choose or enter a valid username on which to configure your threshold.
Device Name Click Select to choose a valid device name on which to configure your threshold.
Device IP Click Select to choose or enter a valid device IP address on which to configure your threshold.
Device Group Click Select to choose a valid device group name on which to configure your threshold.
Table 12-14 TACACS Command Authorization
Option Description
Command Enter a TACACS command on which you want to configure your threshold.
Privilege Use the drop-down list box to select the privilege level on which you want to configure your
threshold. Valid options are:
Any
A number from 0 to 15.