Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Suppressing Multiple SYSLOG Messages via a Single SYSLOG Discriminator

AntDPre
Level 1
Level 1

‎09-06-2023 06:06 AM - edited ‎09-06-2023 06:08 AM

Hello Community,

 After deploying DNAC in my environment I noticed that it creates a huge number of logs on my network devices. The problem children logs are those specifically pertaining to SSH logins and TTY session exits by DNAC. These logins and exits are completely filling up my logs. I use SYSLOG message discriminators to suppress certain log messages from time to time so I am familiar with the process/syntax but I have only ever used discriminators for single log events. The issue here is the DNAC login events create three specific messages each time the system logs into a network device:

Login Success [user: dnac] [Source: X.X.X.X] [localport: 22] at 13:42:09 CET Wed Sep 6 2023
Privilege level set to 1 by dnac on vty0 (X.X.X.X)
User dnac has exited tty session 2(X.X.X.X) 

My intent is to suppress each instance of these three logs from showing up in the logging buffer, console log, and monitor log. I have tried doing this via multiple configured discriminators but it seems that only one discriminator may be active at any given time. So my question is, is there a way to use regular expressions to combine match criteria for several different messages into a single discriminator? To highlight what I mean, if I wanted to use the message body as the trigger, could I use something like the following to target specific parts of the message body for three different log messages?

logging discriminator DROP_DNA msg-body drops dna|Privilege|tty 

logging buffer discriminator DROP_DNA
logging monitor discriminator DROP_DNA
logging console discriminator DROP_DNA

If not, what can I do to create a single discriminator that will essentially target multiple different SYSLOG messages? Is this even possible and, if not, is there another way to do this?

I have service accounts in use for ISE/PRIME/DNA etc. that all create logs that I need to suppress from the buffer, monitor, and console. The ability to have only one discriminator active that is only able to target a single message doesn't work for me. 

Thank you for any assistance you may be able to provide!

 

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic