06-27-2025 12:10 PM
Hello,
I'm looking for a way to suppress specific log messages similar to the following:
"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session opened for user root"
"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session closed for user root"
I understand that reducing the authpriv logging level from 6 to 5 might prevent these messages, but due to STIG compliance requirements, I need to keep the logging level at 6. Is there a recommended method to suppress or filter these specific log entries while maintaining the current logging level?
Thanks in advance for any guidance.
Solved! Go to Solution.
06-27-2025 12:30 PM
Hello @Paul M Dycus,
NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.
So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.
Therefore, you could only use external syslog processing tools for more granular filtering.
HTH!
06-27-2025 12:30 PM
Hello @Paul M Dycus,
NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.
So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.
Therefore, you could only use external syslog processing tools for more granular filtering.
HTH!
06-27-2025 12:57 PM
Hello @Paul M Dycus
If you're using a SIEM or syslog analyzer, it's a good practice to ignore low value messages like this session logs in alerting rules rather than fully supressing them...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide