Core Switch security threat - Urgent

Answered Question
Dec 30th, 2009

Hi All,


I found the below logs in one of my core switches; it is showing the user as unknown.
There is no user like that; there is only one local user, i.e. admin, and after that RADIUS.
But why is it showing unknown users? Is it a security threat or something like that? It seems they have written some commands as per the log.


Experts, could you please check the below logs and tell me what they relate to and what necessary actions I should take.


002040: Dec 30 20:43:07.010: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:service sequence-numbers
002041: Dec 30 20:52:00.604: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret *****


Thanks in advance,

Naidu.

Ganesh Hariharan Wed, 12/30/2009 - 23:52

Hi Naidu,


As per the logs it says %PARSER-5-CFGLOG_LOGGEDCMD: User:[chars] logged command:[chars]. The config logger, which logs every CLI command, has an option to log messages to syslog. Whenever a CLI command is executed, this message is printed.


Recommended Action: This message DOES NOT denote any error condition. It is a part of the normal operation of the parser and config logger. If you do not wish to see this syslog message, type "no cfglog send to syslog".


Hope this helps


Regards

Ganesh.H

Latchum Naidu Thu, 12/31/2009 - 01:02

Hi Ganesh,


Thanks for your reply.


Yes, you are right; I have enabled syslog on the switch, which prints every command typed in the CLI.


But what I am looking for is: what is the unknown user? There is no such user configured on the switch.



Regards,

Naidu.

Correct Answer
Ganesh Hariharan Thu, 12/31/2009 - 02:15

Hi Naidu,


If you see the error message %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret ***


The logged command says username admin with privilege 15 and the password has been typed.


So it is clear that the admin user is logged in.


Hope this clears your query!


Regards

Ganesh.H
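
Added example, not part of the original thread: a small Python triage of the config-logger messages discussed above. It parses the `User:[chars] logged command:[chars]` layout and flags entries whose user field is not a configured account or whose command touches accounts or access. The `known_users` default, the `SENSITIVE` prefix list and the third sample line are assumptions made for illustration.

```python
import re

# Layout quoted in the thread:
#   %PARSER-5-CFGLOG_LOGGEDCMD: User:[chars] logged command:[chars]
CFGLOG = re.compile(
    r"^(?P<seq>\d+): (?P<ts>.+?): %PARSER-5-CFGLOG_LOGGEDCMD: "
    r"User:(?P<user>.*?)\s+logged command:(?P<cmd>.*)$"
)

# Assumption: command prefixes a reviewer treats as account or access changes.
SENSITIVE = ("username ", "no username ", "enable secret", "enable password",
             "aaa ", "no aaa ", "line vty", "line con")

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE = [
    "002040: Dec 30 20:43:07.010: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:service sequence-numbers",
    "002041: Dec 30 20:52:00.604: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret *****",
    "002042: Dec 30 21:05:11.200: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:interface Vlan10",
]

def parse(line):
    """Return the fields of one config-logger message, or None if not one."""
    m = CFGLOG.match(line.strip())
    return m.groupdict() if m else None

def triage(lines, known_users=("admin",)):
    """Return [(record, reasons)] to review; known_users is an assumed allow-list."""
    flagged = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # some other syslog message
        cmd = rec["cmd"].strip().lower()
        reasons = []
        if rec["user"].strip() not in known_users:
            reasons.append("user field is not a configured account")
        if cmd.startswith(SENSITIVE):
            reasons.append("command changes accounts or access")
        if "nopassword" in cmd.split():
            reasons.append("nopassword keyword present")
        if reasons:
            flagged.append((rec, reasons))
    return flagged

if __name__ == "__main__":
    for rec, reasons in triage(SAMPLE):
        print(rec["seq"], rec["ts"], repr(rec["user"]), "|", rec["cmd"])
        for r in reasons:
            print("    -", r)
```

Pass `known_users` the local and RADIUS account names expected on the device so that only unattributed or unexpected entries are flagged.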
