Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2072
Views
0
Helpful
1
Replies

how to disable logging for single user in logging buffer of a switch

Go to solution
Bali Khan
Level 1
Level 1

‎11-09-2017 05:02 AM - edited ‎02-21-2020 06:42 AM

Hi - I need some help with logging users in my network.

At present all our devices (switches) log an entry in buffer when a user logs in.

We recently added an application server which does ssh to switches every 2 minutes to fetch some details and therefore our switch logs get filled up with 'server name' entries - See below:

Show Log#

SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: SERVER_X2] [Source: 10.170.31.20] [localport: 22] at 09:10:18 GMT Thu Nov 7 2017
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: SERVER_X2] [Source: 10.170.31.20] [localport: 22] at 09:12:48 GMT Thu Nov 7 2017
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: SERVER_X2] [Source: 10.170.31.20] [localport: 22] at 09:14:15 GMT Thu Nov 72017

 

Is there anyway I can disable logging info for this SERVER_X2 IP 10.170.31.20 ONLY and keep logging enabled for all other users. OR do I have to disable logging for all users ? - please let me know how to achieve this, thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mikael.lahtela
Level 4
Level 4

‎11-09-2017 03:56 PM

Hi,

No sure what type of switch or sw you have, but you could take a look at TCL scripting if that is an option for you.
Don't know if there is another way to do this, here is a short example:


# This will create a file on flash called tcl-test.tcl
# After that you can activate the filter by logging commands.
# Please try in a lab before use!
tclsh
(tcl)#puts [open "tcl-test.tcl" w+] {
+>if [string match "*SERVER_X2*" |::orig_msg] {
+> return ""
+>} else {
+> return $::orig_msg
+>}
+>}
(tcl)#tclquit
#
#(config)logging buffered filtered
#(config)logging filter flash:tcl-test.tcl

You can also create the tcl file in notepad and then upload it with tftp to flash.
if [string match "*SERVER_X2*" |::orig_msg] {
return ""
} else {
return $::orig_msg
}

br, Micke

View solution in original post

0 Helpful
1 Reply 1

Go to solution
mikael.lahtela
Level 4
Level 4

‎11-09-2017 03:56 PM

Hi,

No sure what type of switch or sw you have, but you could take a look at TCL scripting if that is an option for you.
Don't know if there is another way to do this, here is a short example:


# This will create a file on flash called tcl-test.tcl
# After that you can activate the filter by logging commands.
# Please try in a lab before use!
tclsh
(tcl)#puts [open "tcl-test.tcl" w+] {
+>if [string match "*SERVER_X2*" |::orig_msg] {
+> return ""
+>} else {
+> return $::orig_msg
+>}
+>}
(tcl)#tclquit
#
#(config)logging buffered filtered
#(config)logging filter flash:tcl-test.tcl

You can also create the tcl file in notepad and then upload it with tftp to flash.
if [string match "*SERVER_X2*" |::orig_msg] {
return ""
} else {
return $::orig_msg
}

br, Micke
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card