Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
593
Views
0
Helpful
3
Replies

Core Switch security threat - Urgent

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni

‎12-30-2009 11:11 PM - edited ‎03-06-2019 09:07 AM

Hi All,

I found the below logs in my one of the core switch, its showing the user is unknown.
There is no user like that only one local user i.e, admin and after Raidus is there.
But why its showing unknown users, is it any security threat something like that and it seems they have writen some commands as per the log.

Experts, could you please check the below logs and tell me what it related to and what necessary actions I should be take.


002040: Dec 30 20:43:07.010: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:service sequence-numbers
002041: Dec 30 20:52:00.604: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret *****


Thanks in advance,

Naidu.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to Latchum Naidu

‎12-31-2009 02:15 AM

Hi Naidu,

If you see the error message %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret ***

The Logged Command logged command says username admin with privilege with 15 and password has typed.

So it clear that admin user is logged in.

Hope this clear your query !!

Regards

Ganesh.H

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎12-30-2009 11:52 PM

Hi Naidu,

As per the logs it says %PARSER-5-CFGLOG_LOGGEDCMD: User:[chars] logged command:[chars] The config logger, which logs every CLI command, has an option to log messages to  syslog. Whenever a CLI command is executed, this message is printed.

Recommended Action: This message DOES NOT denote any error condition. It is a part of the normal  operation of the parser and config logger. If you do not wish to see this syslog message, type "no  cfglog send to syslog".

Hope this helps

Regards

Ganesh.H

0 Helpful

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni
In response to Ganesh Hariharan

‎12-31-2009 01:02 AM

Hi Ganesh,

Thanks for your reply.

Yes, you are right I have enabled syslog in the switch, which print every typed command in CLI.

But I am looking for what us unknown user? there is no such a user configured in the switch.

Regards,

Naidu.

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to Latchum Naidu

‎12-31-2009 02:15 AM

Hi Naidu,

If you see the error message %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret ***

The Logged Command logged command says username admin with privilege with 15 and password has typed.

So it clear that admin user is logged in.

Hope this clear your query !!

Regards

Ganesh.H

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card