Filtering 802.1X syslog messages

sean_evershed · ‎03-21-2010

Hi,

I was looking for a method to filter out the following 802.1X syslog messages from a 6509.

It has 240 ports and every port is configured for 802.1X.

There is a potential that an important error message will be hidden by the large number of 802.1X authentication messages.

%AUTHMGR-5-START: Starting 'dot1x' for client (XXXX.XXXX.XXXX) on Interface GiX/Y
%DOT1X-5-SUCCESS: Authentication successful for client (XXXX.XXXX.XXXX.XXXX) on Interface GiX/Y
%AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (XXXX.XXXX.XXXX) on Interface GiX/Y

%AUTHMGR-5-SUCCESS: Authorization succeeded for client (XXXX.XXXX.XXXX) on Interface GiX/Y
%AUTHMGR-SP-5-VLANASSIGN: VLAN XXX assigned to Interface GiX/Y
%AUTHMGR-SPSTBY-5-VLANASSIGN: VLAN XXX assigned to Interface GiX/Y

Thanks

Sven Hruza · ‎07-16-2010

Hello,

I have the same question to this (old) thread.

Is there a posibility on a 3560 or 2960 switch to filter those dot1x syslog messages?

IThe only solution I know is to set the severity level to 4. But that is not really what I want....

Thanks a lot!

Sven

selmeczyr75 · ‎10-07-2010

Hi Sean,

A bit lately and I hope you solved you problem since, but did you try filter the logging, like this :

logging discriminator DOT1X msg-body drops "Authorization succeeded"

logging host A.B.C.D discriminator DOT1X

this will filter out sending messages containing "Authorization succeeded" in the logging message body.

you may fine tune the regular-expression for your needs.

HTH.

Roland