At below, it's the message I found in syslog, and this "junk" fills up the syslog. The source ip is Cisco Prime Infrastructure. I checked the switch login credential in CPI and it's correct. Can anyone tell me why the user name is empty and CPI tries to login without user name?
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.101.6.40] [localport: 23] [Reason: Login Authentication Failed]
I would delete and reenter the credentials, or if you use SSH, even zeroize the RSA key and reenter it as well.
In the meantime, if you want to keep these messages from filling up your logs, use the logging discriminator below:
logging discriminator SEC_LOGIN severity drops 4 LOGIN mnemonics drops LOGIN_FAILED
logging buffered discriminator SEC_LOGIN 100000
logging console discriminator SEC_LOGIN
logging monitor discriminator SEC_LOGIN
And if you have an external (syslog) server specified:
logging host 192.168.1.10 discriminator SEC_LOGIN
It has the correct login credential, and I did receive emails when CPI login with the correct info. I can see the username in the syslog. I can try to delete the device then add it in CPI, but I'd prefer to know what cause the problem. Why does CPI try to login without username? Misconfig? Try to download running config?