Skip to main content

Command Audit

The complete record of every command run on your network gear through TACACS+ — who ran it, on which device, when, and whether it was permitted or denied. Your accountability trail for device administration.

Using it

  1. Go to Device Admin (TACACS+) → Command Audit.
  2. Each entry shows the user, device, command, timestamp, and result (permitted / denied).
  3. Filter by device, user, or result to focus — e.g. show all denied commands to spot someone hitting the limits of their role, or all commands on one device during an incident window.
note

Command logging depends on Log every authorized command being enabled in Settings. This audit is specific to TACACS+ device‑admin commands; RADIUS network‑access events live in RADIUS Monitoring.

tip

After a change‑related outage, filter Command Audit to the device and time window — you'll see the exact configure commands that were run and by whom.