This is the clean install of PI. I just added devices in the monitoring section.

As I said, there is no additional job defined.

Here are the logs from the switch:

Feb 24 10:33:54.063: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 10:33:59.071: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 10:50:41.437: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 10:51:59.799: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 11:06:54.716: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 11:06:59.996: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 11:17:54.813: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 11:18:00.066: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable
Feb 24 11:35:05.211: %PARSER-5-CFGLOG_LOGGEDCMD: User:prime logged command:!exec: enable

And that's all of the executed commands.

Hi,

Prime polls device and collect show commands during inventory sync, during config archive collection which can be triggered via inventory change, syslog change on device.

Also, Monitoring Policy defined for switches like Nexus for vpc data collection involve ssh connection and collect  vpc data.

Multi session are connected to perform collection of data and so you may observe ssh connection and enable command execution.

Hi,

thank you for your reply, but why I see that logs only on 3-4 switches and on other switches there's no connection and logs.

All switches are 3850 models with the same IOS image.