Dear Community Team,

I hope this message finds you well.

I have recently observed an influx of logs in our syslog server attributed to "Console user" and "unknown user." After thoroughly investigating, I could not locate these users in our network or configuration settings. Additionally, none of the logs appear to correspond to any actions executed by our network engineers.

I seek your assistance in identifying the cause of these logs and resolving this issue.

Below are examples of the logs frequently appearing for these users:

3557530: Switch: Dec 29 22:02:47: %PARSER-5-CFGLOG_LOGGEDCMD: User: unknown user logged command:!exec: enable
3557505: Switch: Dec 29 22:00:46: %PARSER-5-CFGLOG_LOGGEDCMD: User: unknown user logged command:!exec: enable
3557482: Switch: .Dec 29 21:58:30: %PARSER-5-CFGLOG_LOGGEDCMD: User: unknown user logged command:!exec: enable

&&&&&

84: ABC-Switch: *Dec 30 03:42:17.198: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: transport https
83: ABC-Switch: *Dec 30 03:42:17.198: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA profile listener HTTPs listener
82: ABC-Switch: *Dec 30 03:42:17.197: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: transport http
81: ABC-Switch: *Dec 30 03:42:17.196: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA profile listener HTTP listener
80: ABC-Switch: *Dec 30 03:42:17.195: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent notify profile HTTPs listener
79: ABC-Switch: *Dec 30 03:42:17.194: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent notify profile HTTP listener
78: ABC-Switch: *Dec 30 03:42:17.193: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent file sys profile HTTPs listener
77: ABC-Switch: *Dec 30 03:42:17.192: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent file sys profile HTTP listener
76: ABC-Switch: *Dec 30 03:42:17.191: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent config profile HTTPs listener
75: ABC-Switch: *Dec 30 03:42:17.190: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent config profile HTTP listener
74: ABC-Switch: *Dec 30 03:42:17.188: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent exec profile HTTPs listener
73: ABC-Switch: *Dec 30 03:42:17.187: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: WSMA agent exec profile HTTP listener
72: ABC-Switch: *Dec 30 03:42:17.185: %PARSER-5-CFGLOG_LOGGEDCMD: User: console logged command: IP http secure-server

Thank you for your support, and I look forward to your guidance.