Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11162
Views
5
Helpful
3
Replies

Quiet Mode On from router logs

Forbes Jenalyn Rose
Level 1
Level 1

‎11-28-2012 05:38 PM - edited ‎03-07-2019 10:18 AM

Hi,

Can anyone please explain to me the logs we have from our router?

cnshaccent-gw-2#sh log

Syslog logging: enabled (0 messages dropped, 27 messages rate-limited,

                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 3604 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 1683 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level warnings, 50 messages logged, xml disabled,

                     filtering disabled

    Logging Exception size (4096 bytes)

    Count and timestamp logging messages: disabled

    Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

    Trap logging: level informational, 669 message lines logged

Log Buffer (51200 bytes):

*Nov 27 07:05:58.439: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 3 secs, [user: root] [Source: 200.35.149.39] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 07:05:58 UTC Tue Nov 27 2012

*Nov 27 23:09:21.067: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 2 secs, [user: root] [Source: 176.53.62.148] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 23:09:21 UTC Tue Nov 27 2012

*Nov 28 22:05:59.189: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 4 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:05:59 UTC Wed Nov 28 2012

*Nov 28 22:05:59.313: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:05:59 UTC Wed Nov 28 2012

*Nov 28 22:05:59.461: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:05:59 UTC Wed Nov 28 2012

*Nov 28 22:07:11.077: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 18 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:07:11 UTC Wed Nov 28 2012

*Nov 28 22:07:12.357: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:07:12 UTC Wed Nov 28 2012

*Nov 28 22:07:12.493: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:07:12 UTC Wed Nov 28 2012

*Nov 28 22:08:47.121: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 7 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:08:47 UTC Wed Nov 28 2012

*Nov 28 22:10:32.389: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 15 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:10:32 UTC Wed Nov 28 2012

*Nov 28 22:10:35.781: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:10:35 UTC Wed Nov 28 2012

*Nov 28 22:10:40.105: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.56.62.244] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 22:10:40 UTC Wed Nov 28 2012

*Nov 28 23:02:32.389: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 8 secs, [user: root] [Source: 111.74.82.33] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 23:02:32 UTC Wed Nov 28 2012

*Nov 28 23:02:32.589: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 111.74.82.33] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 23:02:32 UTC Wed Nov 28 2012

*Nov 28 23:02:38.929: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 111.74.82.33] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 23:02:38 UTC Wed Nov 28 2012

*Nov 28 23:02:42.697: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 111.74.82.33] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 23:02:42 UTC Wed Nov 28 2012

*Nov 28 23:02:42.769: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 111.74.82.33] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 23:02:42 UTC Wed Nov 28 2012

*Nov 29 01:16:47.725: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up

Thank you!

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-28-2012 06:43 PM

Hi,

Use the login quiet-mode access-class command  to selectively allow hosts on the basis of a specified ACL. You may use  this command to grant an active client or list of clients an infinite  number of failed attempts that are not counted by the router; that is,  the active clients are placed on a "safe list" that allows them access  to the router despite a quiet period.

System Logging Messages

The following logging message is generated after the router switches to quiet mode: 

00:04:07:%SEC_LOGIN-1-QUIET_MODE_ON:Still timeleft for watching failures is 158 seconds, [user:sfd] [Source:10.4.2.11] [locMalport:23] [Reason:Invalid login], [ACL:22] at 16:17:23 UTC Wed Feb 26 2003

For more info refer to this link:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html

HTH

Forbes Jenalyn Rose
Level 1
Level 1
In response to Reza Sharifi

‎01-03-2013 07:00 PM

Hi Reza,

Should this error message affect some routing issue?

We are experiencing an issue in our China office (with this error messages on router logs), we cannot access some of our customers site and would like to know if this is related.

Thank you.

Regards,

Jenna

0 Helpful

ciscoboyyy
Cisco Employee
Cisco Employee
In response to Reza Sharifi

‎05-30-2023 06:37 AM

Hello @Reza Sharifi , 

Good day to you

 

I just wanted to know if there's any way to mitigate this %SEC_LOGIN-1-QUIET_MODE_ON error log from popping up and how do we get rid of this prompt in spite of the device config showing quiet mode is disabled!?

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card