- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2017 05:02 AM - edited 02-21-2020 06:42 AM
Hi - I need some help with logging users in my network.
At present all our devices (switches) log an entry in buffer when a user logs in.
We recently added an application server which does ssh to switches every 2 minutes to fetch some details and therefore our switch logs get filled up with 'server name' entries - See below:
Show Log#
SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: SERVER_X2] [Source: 10.170.31.20] [localport: 22] at 09:10:18 GMT Thu Nov 7 2017
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: SERVER_X2] [Source: 10.170.31.20] [localport: 22] at 09:12:48 GMT Thu Nov 7 2017
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: SERVER_X2] [Source: 10.170.31.20] [localport: 22] at 09:14:15 GMT Thu Nov 72017
Is there anyway I can disable logging info for this SERVER_X2 IP 10.170.31.20 ONLY and keep logging enabled for all other users. OR do I have to disable logging for all users ? - please let me know how to achieve this, thanks
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2017 03:56 PM
No sure what type of switch or sw you have, but you could take a look at TCL scripting if that is an option for you.
Don't know if there is another way to do this, here is a short example:
# This will create a file on flash called tcl-test.tcl
# After that you can activate the filter by logging commands.
# Please try in a lab before use!
tclsh
(tcl)#puts [open "tcl-test.tcl" w+] {
+>if [string match "*SERVER_X2*" |::orig_msg] {
+> return ""
+>} else {
+> return $::orig_msg
+>}
+>}
(tcl)#tclquit
#
#(config)logging buffered filtered
#(config)logging filter flash:tcl-test.tcl
You can also create the tcl file in notepad and then upload it with tftp to flash.
if [string match "*SERVER_X2*" |::orig_msg] {
return ""
} else {
return $::orig_msg
}
br, Micke
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2017 03:56 PM
No sure what type of switch or sw you have, but you could take a look at TCL scripting if that is an option for you.
Don't know if there is another way to do this, here is a short example:
# This will create a file on flash called tcl-test.tcl
# After that you can activate the filter by logging commands.
# Please try in a lab before use!
tclsh
(tcl)#puts [open "tcl-test.tcl" w+] {
+>if [string match "*SERVER_X2*" |::orig_msg] {
+> return ""
+>} else {
+> return $::orig_msg
+>}
+>}
(tcl)#tclquit
#
#(config)logging buffered filtered
#(config)logging filter flash:tcl-test.tcl
You can also create the tcl file in notepad and then upload it with tftp to flash.
if [string match "*SERVER_X2*" |::orig_msg] {
return ""
} else {
return $::orig_msg
}
br, Micke
