Beginner

Failed to Login Message in Syslog

Below is the message I found in syslog, and this "junk" fills up the syslog. The source IP is Cisco Prime Infrastructure. I checked the switch login credential in CPI and it's correct. Can anyone tell me why the user name is empty and CPI tries to log in without a user name?

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.101.6.40] [localport: 23] [Reason: Login Authentication Failed]

VIP Mentor

Re: Failed to Login Message in Syslog

Hello,

I would delete and reenter the credentials, or if you use SSH, even zeroize the RSA key and reenter it as well.

In the meantime, if you want to keep these messages from filling up your logs, use the logging discriminator below:

logging discriminator SEC_LOGIN severity drops 4 LOGIN mnemonics drops LOGIN_FAILED
!
logging buffered discriminator SEC_LOGIN 100000
logging console discriminator SEC_LOGIN
logging monitor discriminator SEC_LOGIN

And if you have an external (syslog) server specified:

logging host 192.168.1.10 discriminator SEC_LOGIN

Beginner

Re: Failed to Login Message in Syslog

It has the correct login credential, and I did receive emails when CPI logs in with the correct info. I can see the username in the syslog. I can try to delete the device then add it in CPI, but I'd prefer to know what causes the problem. Why does CPI try to log in without a username? Misconfig? Trying to download the running config?
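An added example, not part of the thread and not Cisco tooling: the LOGIN_FAILED lines can be summarized by source, user name and local port, which shows which client and which listener (local port 23 is the Telnet port) produce the empty-user failures. The sample lines are constructed from the format quoted in the question; the address 192.0.2.77 and the user admin are made up.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the question (not real logs).
SAMPLE = """\
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.101.6.40] [localport: 23] [Reason: Login Authentication Failed]
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.101.6.40] [localport: 23] [Reason: Login Authentication Failed]
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed]
%SYS-5-CONFIG_I: Configured from console by console
"""

# search() is used below, so a syslog timestamp or host prefix does not matter.
LOGIN_FAILED = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed "
    r"\[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<source>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\] "
    r"\[Reason: (?P<reason>[^\]]+)\]"
)

def parse_failed_logins(text):
    """Return one dict per LOGIN_FAILED line; other messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGIN_FAILED.search(line)
        if m:
            ev = m.groupdict()
            ev["user"] = ev["user"].strip()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events

def summarize(events):
    """Count failures per (source, user, port), most frequent first."""
    counts = Counter((e["source"], e["user"], e["port"]) for e in events)
    return counts.most_common()

def empty_user_sources(events):
    """Map each source that sent an empty user name to the local ports it hit."""
    out = {}
    for e in events:
        if e["user"] == "":
            out.setdefault(e["source"], set()).add(e["port"])
    return out

if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE)
    for (source, user, port), n in summarize(events):
        print(f"{n:4d}  source={source}  user={user!r}  localport={port}")
    print("empty user name:", empty_user_sources(events))
```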
