Hi

I was wondering how Mikrotik deal with it. So i have asked the support, and they told me that don´t have implemented this kind of control.

I research about Tacacs and UserMan:
*Tacacs i find some forum threads asking about it and some answer that it will not be implemented.
*UserMan, I try to do it but i discovery it can´t provide this kind of information. It just log "userX" login at 11:00AM.
I would like to know what this user have done. Something like:
UserX Log:
20170627-10:39:22AM - included firewall rule #50 - forward, port 23 -> accept
20170627-10:43:47AM - altered firewall rule #20 - output udp port 514 -> accept
20170627-10:50:19AM - deleted firewall rule #15 - input, port 3389 , int interface wan

So i would like to ask you guys, how do you deal with the traceability and user control at huge networks with 500+ routers and a team of 20+ operators ?
How do you log any change done by each user ?

Thanks you

Have a look at Rancid

Have a look at Rancid

Thanks you , i will check it and post here my experience.

Best regards

Hi pukkita,

I can´t check it out before, so now i got some time and its a good tools, the problem is that i still cant log the action of each user.

Rancid is great for user control, like "i need to allow access for brandNewUser1 at 500 routers". Or if i need to drop the access...

But i can´t check wich actions brandNewUser1 had done.

Anyway thanks for the help.