switch logs failure and success for every successful ssh login

AFCITDept
Level 1

Greetings

We've been setting up our switches with a central logging server and on a 2960x we get both a failure and success syslog message for each successful login over ssh:

Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 210 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 199 message lines logged
        Logging to x.x.x.x  (udp port 1515, audit disabled,
              link up),
              25 message lines logged, 
              0 message lines rate-limited, 
              0 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:

Log Buffer (4096 bytes):
down
Jul 27 21:52:56.594 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/52, changed state to down
Jul 27 21:59:54.999 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/52, changed state to up
Jul 27 21:59:56.002 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/52, changed state to up
Jul 28 15:15:07.752 PDT: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host x.x.x.x port 1515 stopped - CLI initiated
Jul 28 15:15:08.829 PDT: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (x.x.x.x)
Jul 28 15:15:29.417 PDT: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host x.x.x.x port 0 CLI Request Triggered
Jul 28 15:15:30.364 PDT: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (x.x.x.x)
Jul 28 15:15:30.563 PDT: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host x.x.x.x port 1515 started - CLI initiated
Jul 28 15:20:29.749 PDT: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (x.x.x.x)
Jul 28 15:20:39.770 PDT: %SYS-6-LOGOUT: User admin has exited tty session 1(x.x.x.x)
Jul 28 15:20:46.289 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:20:46 PDT Wed Jul 28 2021
Jul 28 15:20:47.747 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:20:47 PDT Wed Jul 28 2021
Jul 28 15:21:10.600 PDT: %SYS-6-LOGOUT: User admin has exited tty session 1(x.x.x.x)
Jul 28 15:21:18.136 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:21:18 PDT Wed Jul 28 2021
Jul 28 15:21:20.499 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:21:20 PDT Wed Jul 28 2021
Jul 28 15:21:55.233 PDT: %SYS-6-LOGOUT: User admin has exited tty session 1(x.x.x.x)
Jul 28 15:29:00.038 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:29:00 PDT Wed Jul 28 2021
Jul 28 15:29:05.519 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:29:05 PDT Wed Jul 28 2021
Jul 28 15:30:34.317 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:30:34 PDT Wed Jul 28 2021
Jul 28 15:30:36.942 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:30:36 PDT Wed Jul 28 2021
Jul 28 15:31:48.917 PDT: %SYS-6-LOGOUT: User admin has exited tty session 1(x.x.x.x)
Jul 28 15:31:55.457 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:31:55 PDT Wed Jul 28 2021
Jul 28 15:31:58.896 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:31:58 PDT Wed Jul 28 2021
Jul 28 15:41:46.036 PDT: %SYS-6-LOGOUT: User admin has exited tty session 1(x.x.x.x)

Each one of the above attempts was successful, with no failures on the client end. This is proving troublesome when setting up dashboards and alerts in Graylog. Any ideas?

Thanks folks

4 Replies

balaji.bandi
Hall of Fame
Each one of the above attempts was successful, with no failures on the client end. This is proving troublesome when setting up dashboards and alerts in Graylog. Any ideas?

Not sure we understand the requirement; we do see the logs showing failures?

Jul 28 15:31:55.457 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:31:55 PDT Wed Jul 28 2021

If you are sending the logs to a syslog server like Graylog, you need to make a script that produces a cumulative figure for the dashboard or alerts, based on repeated failures in the span of 5 minutes exceeding X occurrences. (This is a generic example, but I would like to hear your requirement.)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
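The cumulative figure the reply above describes can be illustrated on the exact message format quoted in the post. The following is an added example and not code from the thread or from Cisco: it parses %SEC_LOGIN-4-LOGIN_FAILED / %SEC_LOGIN-5-LOGIN_SUCCESS lines, drops a failure that is followed within a short grace period by a success from the same user and source (the pairing the original poster sees on every SSH login), and then counts the remaining failures per user and source in a trailing 5-minute window. The ten thread lines are reused as input; the 192.0.2.10 burst, the grace period, the 5-minute window and the threshold of 3 are constructed assumptions for the demonstration.

```python
"""Added example (not from the thread): parse Cisco IOS %SEC_LOGIN syslog
lines, suppress the spurious LOGIN_FAILED that immediately precedes a
LOGIN_SUCCESS from the same user/source, then count remaining failures per
(user, source) in a trailing 5-minute window."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the %SEC_LOGIN-4-LOGIN_FAILED / %SEC_LOGIN-5-LOGIN_SUCCESS lines from the post.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})\.\d+ \w+: "
    r"%SEC_LOGIN-\d-(?P<event>LOGIN_FAILED|LOGIN_SUCCESS): .*?"
    r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]"
)

# The first ten lines are the failure/success pairs quoted in the post (x.x.x.x
# is the poster's masking). The last four are constructed: one non-login line
# and a burst of three genuine failures from 192.0.2.10 (documentation range).
SAMPLE_LOG = [
    "Jul 28 15:20:46.289 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:20:46 PDT Wed Jul 28 2021",
    "Jul 28 15:20:47.747 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:20:47 PDT Wed Jul 28 2021",
    "Jul 28 15:21:18.136 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:21:18 PDT Wed Jul 28 2021",
    "Jul 28 15:21:20.499 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:21:20 PDT Wed Jul 28 2021",
    "Jul 28 15:29:00.038 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:29:00 PDT Wed Jul 28 2021",
    "Jul 28 15:29:05.519 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:29:05 PDT Wed Jul 28 2021",
    "Jul 28 15:30:34.317 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:30:34 PDT Wed Jul 28 2021",
    "Jul 28 15:30:36.942 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:30:36 PDT Wed Jul 28 2021",
    "Jul 28 15:31:55.457 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: x.x.x.x] [localport: 22] [Reason: Login Authentication Failed] at 15:31:55 PDT Wed Jul 28 2021",
    "Jul 28 15:31:58.896 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: x.x.x.x] [localport: 22] at 15:31:58 PDT Wed Jul 28 2021",
    "Jul 28 15:41:46.036 PDT: %SYS-6-LOGOUT: User admin has exited tty session 1(x.x.x.x)",
    "Jul 28 16:02:10.000 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 16:02:10 PDT Wed Jul 28 2021",
    "Jul 28 16:03:05.000 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 16:03:05 PDT Wed Jul 28 2021",
    "Jul 28 16:04:40.000 PDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 16:04:40 PDT Wed Jul 28 2021",
]


def parse_line(line, year=2021):
    """Return a dict for a login event, or None for any other syslog line.
    IOS timestamps carry no year, so the year is supplied by the caller."""
    m = LOGIN_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "event": m["event"], "user": m["user"], "src": m["src"]}


def dedupe_spurious_failures(events, grace=timedelta(seconds=10)):
    """Drop a LOGIN_FAILED that is followed within `grace` by a LOGIN_SUCCESS
    for the same user and source (the pattern the original poster reports)."""
    events = sorted(events, key=lambda e: e["ts"])
    kept = []
    for i, ev in enumerate(events):
        if ev["event"] == "LOGIN_FAILED":
            paired = False
            for nxt in events[i + 1:]:
                if nxt["ts"] - ev["ts"] > grace:
                    break
                if (nxt["event"] == "LOGIN_SUCCESS" and nxt["user"] == ev["user"]
                        and nxt["src"] == ev["src"]):
                    paired = True
                    break
            if paired:
                continue
        kept.append(ev)
    return kept


def failure_alerts(events, window=timedelta(minutes=5), threshold=3):
    """Fire once per (user, source) when the failure count in the trailing
    window reaches `threshold`. Returns (user, src, ts) tuples."""
    alerts = []
    recent = defaultdict(deque)  # per-key timestamps still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "LOGIN_FAILED":
            continue
        q = recent[(ev["user"], ev["src"])]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) == threshold:
            alerts.append((ev["user"], ev["src"], ev["ts"]))
    return alerts


def analyse(lines, year=2021):
    """Run the pipeline and return both the raw and the de-duplicated alerts so
    the effect of suppressing the paired failures is visible."""
    parsed = [e for e in (parse_line(l, year) for l in lines) if e]
    return {
        "parsed": parsed,
        "raw_alerts": failure_alerts(parsed),
        "deduped_alerts": failure_alerts(dedupe_spurious_failures(parsed)),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("raw alerts:    ", result["raw_alerts"])
    print("deduped alerts:", result["deduped_alerts"])
```

On the thread's own data the raw count produces an alert for admin from x.x.x.x at 15:31:55, because three paired failures land inside one 5-minute window; after suppressing failures that are followed by a success from the same user and source, only the constructed 192.0.2.10 burst remains. Treat the suppression as a dashboard workaround only: the paired failure still points at something in the AAA path that is worth understanding, so the underlying cause should be fixed on the switch rather than hidden in the collector.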

AFCITDept
Level 1

Hi BB. Thanks for responding!

I was just wondering why the switch logs a failed attempt for every successful login. When I log in to the switch, it logs a failed attempt and then logs the successful attempt 2 seconds later. Why would it log a failure if there were no failed attempts?

Thank you

This is an unusual situation. Can you provide details of how authentication is configured? 

I am wondering if perhaps authentication specifies 2 authentication servers with one as primary and the other as secondary. Is it possible that when you attempt SSH that an authentication request is sent to the primary server but has an error that results in failure message and then is sent to the secondary server which successfully authenticates?

In addition to seeing configuration details it might be helpful to run debug for aaa authentication and also debug for the authentication protocol (radius or tacacs). The debug output might provide insight into what is happening.

HTH

Rick

Now I understand the concern here. We need to have your config and the order of AAA operation; can you post the show run output here so we can understand the issue?

BB
