Re: CISCO MDS 9124 SYSLOG NOT SENDING SUCCESSFUL SSH LOGINS TO EXTERNAL SYSLOG SERVER

v3nt0 · ‎10-19-2020

Hello everyone !!

Would somebody kindly help me to fix this issue?

Due to security policies I need to receive the successful and unsuccessful SSH logins on my centralized syslog servers, I'm able to see and receive properly the unsuccessful login messages but it's not working for the successful logins.

I tried to change almost everything at the severity levels, but it's still not working.

Below you can find my configuration:

The ones that I've changed are in bold and underlined.

CISCOSAN01# sh logging info

Logging console:                enabled (Severity: critical)
Logging monitor:                enabled (Severity: notifications)
Logging linecard:               enabled (Severity: notifications)
Logging timestamp:              Seconds
Logging server:                 enabled
{9.140.1.11}
        server severity:        information
        server facility:        local7
{9.140.1.10}
        server severity:        notifications
        server facility:        local7
{severity}
        This server is temporarily unreachable
        server severity:        warnings
        server facility:        local7
Logging logfile:                enabled
        Name - messages: Severity - notifications Size - 4194304

Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
aaa                     3                       6
acl                     2                       2
auth                    0                       5
authpriv                3                       5
bootvar                 5                       5
callhome                2                       2
capability              2                       2
cdp                     2                       2
cert_enroll             2                       2
cfs                     3                       3
clis                    7                       7
confcheck               2                       2
cron                    3                       3
daemon                  3                       7
device-alias            3                       3
dstats                  2                       2
epp                     5                       5
ethport                 5                       5
evmc                    5                       5
evms                    2                       2
fabric_start_cfg_mgr    2                       2
fc2d                    2                       2
fcdomain                3                       3
fcns                    2                       2
fcs                     2                       2
fdmi                    2                       2
feature-mgr             2                       2
flogi                   2                       2
fs-daemon               2                       2
fspf                    3                       3
ftp                     3                       3
ipacl                   2                       2
ipconf                  5                       5
ipfc                    2                       2
kern                    3                       7
ldap                    2                       2
licmgr                  6                       6
local0                  3                       3
local1                  3                       3
local2                  3                       3
local3                  3                       3
local4                  3                       3
local5                  3                       3
local6                  3                       3
local7                  3                       6
lpr                     3                       3
mail                    3                       3
mcast                   2                       2
module                  5                       5
mvsh                    2                       2
news                    3                       3
ntp                     2                       2
platform                5                       5
plugin                  2                       2
port                    5                       5
port-channel            5                       5
port-resources          5                       5
qos                     3                       3
radius                  3                       3
rdl                     2                       2
rib                     2                       2
rlir                    2                       2
rscn                    2                       2
scsi-target             2                       2
securityd               3                       7
snmpd                   2                       2
span                    5                       5
syslog                  3                       3
sysmgr                  3                       3
SystemHealth            4                       4
user                    3                       7
uucp                    3                       3
vni                     2                       2
vrrp-cfg                3                       3
vrrp-eng                3                       3
vsan                    2                       2
vshd                    5                       5
wwn                     3                       3
xbar                    5                       5
zbm                     3                       3
zone                    2                       2

0(emergencies)          1(alerts)       2(critical)
3(errors)               4(warnings)     5(notifications)
6(information)          7(debugging)

Kirk J · ‎10-21-2020

Greetings.

Please see https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh58592

What firmware version are you on currently?

Kirk...

v3nt0 · ‎10-21-2020

Hi Kirk, thanks for responding.

Currently we are running on version 5.2(8i), which is not listed as affected by that particular bug.

Today I changed all facilities severity to 6, but I'm still unable to receive the successful logins.

any other idea?

Thanks!!