Solved: Suppressing Specific authpriv Log Messages on NXOS

Paul M Dycus · ‎06-27-2025

Hello,

I'm looking for a way to suppress specific log messages similar to the following:

"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session opened for user root"

"AUTHPRIV-6-SYSTEM_MSG: pam_unix(crond:session): session closed for user root"

I understand that reducing the authpriv logging level from 6 to 5 might prevent these messages, but due to STIG compliance requirements, I need to keep the logging level at 6. Is there a recommended method to suppress or filter these specific log entries while maintaining the current logging level?

Thanks in advance for any guidance.

Jens Albrecht · ‎06-27-2025

Hello @Paul M Dycus,

NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.

So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.

Therefore, you could only use external syslog processing tools for more granular filtering.

HTH!

View solution in original post

Jens Albrecht · ‎06-27-2025

Hello @Paul M Dycus,

NX-OS does not support logging discriminators which are commonly used on IOS and IOS-XE for this purpose.

So you are limited to filtering by severity and facility which is not an option for you due to STIG compliance.

Therefore, you could only use external syslog processing tools for more granular filtering.

HTH!

M02@rt37 · ‎06-27-2025

Hello @Paul M Dycus

If you're using a SIEM or syslog analyzer, it's a good practice to ignore low value messages like this session logs in alerting rules rather than fully supressing them...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.