we noticed that our operational backup is now up to 25GB large, which is too large from our perspectiv. After some research we found out, that with deploying DNA Center, the amount of authorization log data incrises rapidly. This is because DNAC is collecting a lot of show outputs, when you enable device controlability. This kind of logs have no benefit to us, so we want to implement a filter, which drops all authorization logs from a special user starting with "show". Does someone know, if this is possible and how to configure such a filter?
Most deployments don't back up the operational logs and just accept that in the event of monitoring node failures they just lose the historical logging. Most send the syslogs they want to something like splunk anyways. Losing the operation logs is an admin impact, and not a functional one.
You can filter your TACACS/RADIUS logs in the way you want by setting up a collection filter. You can do this from administration > logging > collection filters.