cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
293
Views
0
Helpful
1
Replies
Highlighted
Beginner

ASR9K Suppress Specific Syslogs

Hello,

I've been trying to find a way to suppress SSH syslog messages for a specific user on our ASR9K platform. Example:

 

%SECURITY-SSHD-6-INFO_SUCCESS : Successfully authenticated user 'x'

%SECURITY-SSHD-6-INFO_USER_LOGOUT : User 'x'

 

So far, the only thing I've been able to find is a way to suppress by message category, group name, and message code as shown below. However, I still want to display those syslog messages for other users.


logging suppress rule example
 alarm SECURITY SSHD INFO_SUCCESS
 alarm SECURITY SSHD INFO_USER_LOGOUT
!
logging suppress apply rule example
 all-of-router

 

Maybe I'm going about this in the wrong way. Any advise would be greatly appreciated. 
Thanks!

1 REPLY 1
Highlighted
VIP Advocate

 

 - You may want to use a logging discriminator , here are a few info-resources on that subject :

         https://writemem.co.uk/logging-discriminator/

         https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html#wp1888787448

 M.

Content for Community-Ad