cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
163
Views
1
Helpful
2
Replies

Suppressing Specific authpriv Log Messages on NXOS

Paul M Dycus
Level 1
Level 1

Hello,

I'm looking for a way to suppress specific log messages similar to the following:

"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session opened for user root"

"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session closed for user root"

I understand that reducing the authpriv logging level from 6 to 5 might prevent these messages, but due to STIG compliance requirements, I need to keep the logging level at 6. Is there a recommended method to suppress or filter these specific log entries while maintaining the current logging level?

Thanks in advance for any guidance.

1 Accepted Solution

Accepted Solutions

Jens Albrecht
Level 4
Level 4

Hello @Paul M Dycus,

NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.

So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.

Therefore, you could only use external syslog processing tools for more granular filtering.

HTH!

View solution in original post

2 Replies 2

Jens Albrecht
Level 4
Level 4

Hello @Paul M Dycus,

NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.

So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.

Therefore, you could only use external syslog processing tools for more granular filtering.

HTH!

M02@rt37
VIP
VIP

Hello @Paul M Dycus 

If you're using a SIEM or syslog analyzer, it's a good practice to ignore low value messages like this session logs in alerting rules rather than fully supressing them...

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.