https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303508#M596990 <P>Hello,</P><P>I'm looking for a way to suppress specific log messages similar to the following:</P><P>"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session opened for user root"</P><P>"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session closed for user root"</P><P>I understand that reducing the authpriv logging level from 6 to 5 might prevent these messages, but due to STIG compliance requirements, I need to keep the logging level at 6. Is there a recommended method to suppress or filter these specific log entries while maintaining the current logging level?</P><P>Thanks in advance for any guidance.</P> Fri, 27 Jun 2025 19:10:24 GMT Paul M Dycus 2025-06-27T19:10:24Z https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303508#M596990 <P>Hello,</P><P>I'm looking for a way to suppress specific log messages similar to the following:</P><P>"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session opened for user root"</P><P>"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session closed for user root"</P><P>I understand that reducing the authpriv logging level from 6 to 5 might prevent these messages, but due to STIG compliance requirements, I need to keep the logging level at 6. Is there a recommended method to suppress or filter these specific log entries while maintaining the current logging level?</P><P>Thanks in advance for any guidance.</P> Fri, 27 Jun 2025 19:10:24 GMT https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303508#M596990 Paul M Dycus 2025-06-27T19:10:24Z https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303515#M596991 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1892028">@Paul M Dycus</a>,</P> <P>NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.</P> <P>So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.</P> <P>Therefore, you could only use external syslog processing tools for more granular filtering.</P> <P>HTH!</P> Fri, 27 Jun 2025 19:30:45 GMT https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303515#M596991 Jens Albrecht 2025-06-27T19:30:45Z https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303520#M596992 <P>Hello <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1892028">@Paul M Dycus</a>&nbsp;</P> <P>If you're using a SIEM or syslog analyzer, it's a good practice to ignore low value messages like this session logs in alerting rules rather than fully supressing them...</P> <P>&nbsp;</P> Fri, 27 Jun 2025 19:57:23 GMT https://community.cisco.com/t5/network-access-control/suppressing-specific-authpriv-log-messages-on-nxos/m-p/5303520#M596992 M02@rt37 2025-06-27T19:57:23Z