Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1166
Views
0
Helpful
2
Replies

Failed to Login Message in Syslog

PolarPanda
Level 1
Level 1

‎09-18-2019 11:27 AM

At below, it's the message I found in syslog, and this "junk" fills up the syslog. The source ip is Cisco Prime Infrastructure. I checked the switch login credential in CPI and it's correct. Can anyone tell me why the user name is empty and CPI tries to login without user name? 

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.101.6.40] [localport: 23] [Reason: Login Authentication Failed]

Labels:
0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎09-18-2019 11:52 AM

Hello,

 

I would delete and reenter the credentials, or if you use SSH, even zeroize the RSA key and reenter it as well.

 

In the meantime, if you want to keep these messages from filling up your logs, use the logging discriminator below:

 

 

logging discriminator SEC_LOGIN severity drops 4 LOGIN mnemonics drops LOGIN_FAILED
!
logging buffered discriminator SEC_LOGIN 100000
logging console discriminator SEC_LOGIN 
logging monitor discriminator SEC_LOGIN

 

And if you have an external (syslog) server specified:

 

logging host 192.168.1.10 discriminator SEC_LOGIN

0 Helpful

PolarPanda
Level 1
Level 1
In response to Georg Pauwen

‎09-18-2019 04:50 PM

It has the correct login credential, and I did receive emails when CPI login with the correct info. I can see the username in the syslog. I can try to delete the device then add it in CPI, but I'd prefer to know what cause the problem. Why does CPI try to login without username? Misconfig? Try to download running config?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card