Syslog ESM tcl error

dycho_wmata
Level 1

Hello Experts,

The problem I am having appears to be simple, but I can't figure it out. I'd appreciate your help in advance. I am running a Tcl script to filter out facility DOT1X, but I am getting the error message shown below.

tclsh test.tcl
can't read "::facility": no such variable
    while executing
"if { $::facility == "DOT1X" } {
return ""
} else {
return $::orig_msg
}"
    (file "test.tcl" line 1)

 

sh run:

!
version 12.2
no service pad
no service timestamps debug uptime
no service timestamps log uptime
no service password-encryption
!
hostname PVLAN_Child
!
boot-start-marker
boot-end-marker
!
logging buffered filtered
no logging reload
logging console filtered informational
!
!
!
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec VTY-EXEC group TACACS-1 local
aaa authorization network default group radius
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750x-48p
system mtu routing 1500
!
!
no ip domain-lookup
vtp mode transparent
!

dot1x system-auth-control
dot1x guest-vlan supplicant
dot1x critical eapol
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
!
vlan 11
  private-vlan primary
  private-vlan association 102
!
vlan 12,21
!
vlan 101
  private-vlan community
!
vlan 102
  private-vlan isolated
!
vlan 201
  private-vlan community
!
vlan 202
  private-vlan isolated
!
vlan 216
!

!
interface GigabitEthernet1/0/3
 switchport private-vlan host-association 11 102
 switchport mode private-vlan host
 authentication event fail action authorize vlan 11
 authentication event no-response action authorize vlan 11
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 3599
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
!

interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.x.x.x 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip radius source-interface Vlan10
logging filter flash:test.tcl
logging source-interface Vlan10
logging host 10.x.x.x filtered
radius-server dead-criteria time 30 tries 3
radius-server host 10.x.x.x auth-port 1812 acct-port 1813 key xxx
radius-server vsa send accounting
radius-server vsa send authentication
!
!
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 password cisco
!
ntp source Vlan10
end

 

IOS Image is

System image file is "flash:/c3750e-universalk9-mz.122-55.SE5/c3750e-universalk9-mz.122-55.SE5.bin"

As expected, I am still getting the syslog message below hitting the syslog server.

09-09-2014    08:33:20    Local7.Notice    10.12.231.249    864: %DOT1X-5-SUCCESS: Authentication successful for client (d067.e534.a10c) on Interface Gi1/0/3 AuditSessionID

sh logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 2 flushes, 0 overruns, xml disabled, filtering enabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


    Console logging: level informational, 50 messages logged, xml disabled,
                     filtering enabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 281 messages logged, xml disabled,
                     filtering enabled (281 messages logged)
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

Filter modules:
    flash:test.tcl

    Trap logging: level informational, 870 message lines logged
        Logging to 10.12.231.10  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              270 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering enabled

Log Buffer (4096 bytes):

%SYS-5-CONFIG_I: Configured from console by console^@
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.12.231.10 Port 514 started - CLI initiated^@
%LINK-5-CHANGED: Interface GigabitEthernet1/0/3, changed state to administratively down^@
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/3, changed state to down^@
%SYS-5-CONFIG_I: Configured from console by console^@
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down^@
%DOT1X-5-SUCCESS: Authentication successful for client (d067.e534.a10c) on Interface Gi1/0/3 AuditSessionID ^@
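
The `tclsh test.tcl` error quoted in the post, reproduced and worked around in an added example that is not part of the original post and is not Cisco's code: ESM populates globals such as `::facility` and `::orig_msg` for each message before it invokes a filter, whereas a plain `tclsh` run defines none of them. The `run_filter` helper and its regular expression are assumptions made for this sketch; the filter body and the two sample messages are copied from the post.

```tcl
# Added example: offline harness for an ESM syslog filter (hypothetical helper).
# A plain "tclsh test.tcl" never sets ::facility, hence "no such variable".

# Filter body as it appears in the error trace of the post.
set filter_body {
    if { $::facility == "DOT1X" } {
        return ""
    } else {
        return $::orig_msg
    }
}

# Emulate the caller: derive the per-message globals from one syslog line,
# run the filter at global scope, and hand back whatever it returned.
proc run_filter {filter line} {
    if {![regexp {%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): } $line -> fac sev mnem]} {
        error "not a %FACILITY-SEVERITY-MNEMONIC message: $line"
    }
    set ::facility $fac
    set ::severity $sev
    set ::mnemonic $mnem
    set ::orig_msg $line
    # catch code 2 is TCL_RETURN, which is how the filter delivers its result
    set code [catch {uplevel #0 $filter} result]
    if {$code != 0 && $code != 2} {
        error "filter failed: $result"
    }
    return $result
}

# Sample messages copied from the log buffer in the post.
set samples {
    "%DOT1X-5-SUCCESS: Authentication successful for client (d067.e534.a10c) on Interface Gi1/0/3 AuditSessionID"
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down"
}

foreach line $samples {
    set out [run_filter $filter_body $line]
    if {$out == ""} {
        puts "DROPPED  $line"
    } else {
        puts "PASSED   $out"
    }
}
```

Run on a workstation `tclsh`, this reports the DOT1X line as dropped and the LINK line as passed, which exercises the filter's logic separately from the switch's logging path.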

 
