Core Switch security threat - Urgent

Hi All,

I found the below logs in one of my core switches; it's showing the user as unknown.
There is no user like that; there is only one local user, i.e. admin, and after that RADIUS is there.
But why is it showing unknown users? Is it a security threat or something like that? It seems they have written some commands as per the log.

Experts, could you please check the below logs and tell me what it is related to and what necessary actions I should take.


002040: Dec 30 20:43:07.010: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:service sequence-numbers
002041: Dec 30 20:52:00.604: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret *****


Thanks in advance,

Naidu.

1 ACCEPTED SOLUTION

Re: Core Switch security threat - Urgent

Hi Naidu,

If you see the error message %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret ***

The logged command says username admin with privilege 15, and a password has been typed.

So it is clear that the admin user is logged in.

Hope this clears your query!!

Regards

Ganesh.H

3 REPLIES

Re: Core Switch security threat - Urgent

Hi Naidu,

As per the logs it says %PARSER-5-CFGLOG_LOGGEDCMD: User:[chars] logged command:[chars] The config logger, which logs every CLI command, has an option to log messages to  syslog. Whenever a CLI command is executed, this message is printed.

Recommended Action: This message DOES NOT denote any error condition. It is a part of the normal  operation of the parser and config logger. If you do not wish to see this syslog message, type "no  cfglog send to syslog".

Hope this helps

Regards

Ganesh.H
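The message format quoted in the reply above (`User:[chars] logged command:[chars]`) is regular enough to triage automatically. The following is an added example, not code from the thread or from Cisco: it parses config-logger syslog lines and flags entries whose user is not on an expected list or whose command changes local accounts. The expected-user set, the sensitive-command patterns and the third sample line are assumptions made for illustration.

```python
import re

# Format from the reply above: %PARSER-5-CFGLOG_LOGGEDCMD: User:[chars] logged command:[chars]
CFGLOG = re.compile(
    r"^(?P<seq>\d+): (?P<ts>\w{3} +\d+ [\d:.]+): "
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>.*?)\s+logged command:(?P<cmd>.*)$"
)

# Assumption: accounts this site expects to make configuration changes.
EXPECTED_USERS = {"admin"}

# Assumption: command patterns that deserve a second look when they appear.
SENSITIVE = [
    (re.compile(r"^(no )?username \S+"), "local account change"),
    (re.compile(r"^(no )?enable (secret|password)\b"), "enable credential change"),
    (re.compile(r"^(no )?aaa \S+"), "AAA change"),
    (re.compile(r"\bprivilege 15\b"), "grants privilege 15"),
]

def parse(line):
    """Return seq/ts/user/cmd for a config-logger line, or None for other syslog."""
    m = CFGLOG.match(line.strip())
    return m.groupdict() if m else None

def triage(lines, expected_users=EXPECTED_USERS):
    """Return parsed entries that need review, each with the reasons it was flagged."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        reasons = []
        if rec["user"] not in expected_users:
            reasons.append("user not in expected list")
        reasons += [label for pat, label in SENSITIVE if pat.search(rec["cmd"])]
        if reasons:
            findings.append({**rec, "reasons": reasons})
    return findings

SAMPLE = [
    # The two lines posted in the question.
    "002040: Dec 30 20:43:07.010: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:service sequence-numbers",
    "002041: Dec 30 20:52:00.604: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user  logged command:username admin privilege 15 nopassword secret *****",
    # Constructed line for contrast: expected user, routine command.
    "002042: Dec 30 21:05:11.120: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:interface Vlan10",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["seq"], f["ts"], repr(f["user"]), "->", f["cmd"], "|", ", ".join(f["reasons"]))
```

Both lines from the question are flagged, the second for three separate reasons; correlating their timestamps with console, VTY and RADIUS accounting records is the next step in working out which session issued them.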

Re: Core Switch security threat - Urgent

Hi Ganesh,

Thanks for your reply.

Yes, you are right; I have enabled syslog on the switch, which prints every command typed in the CLI.

But I am looking for what is unknown user? There is no such user configured in the switch.

Regards,

Naidu.
