
How to filter log entries?

Hi everybody.

Is there any way to filter what's getting logged? Particularly, I would like to get rid of dot1x authentication failure messages, like these:

000271: Feb 27 12:40:18: %MAB-5-FAIL: Authentication failed for client (b499.baf6.abbc) on Interface Gi3/0/37 AuditSessionID AC1E20AA0000001200038F36

000272: Feb 27 12:40:18: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (b499.baf6.abbc) on Interface Gi3/0/37 AuditSessionID AC1E20AA0000001200038F36

I know that above messages are "legal" or "expected behavior" because of running "open authentication", so I'm not interested in having those filling up my logs on the syslog server. In case of need, I still would be able to set logging back...

Any help will be appreciated.

Thanks,

Flavio.

Accepted Solutions

Can you try that with "logging monitor warnings" instead?

Because you are using "terminal monitor" command...

HTH,
Dragan


6 Replies

Dragan Ilic
Level 4

You can try with "logging severity" if it's not impacting other requirements:

http://www.ciscopress.com/articles/article.asp?p=101658&seqNum=3

I suppose we are talking about IOS of course...

HTH,
Dragan


Hi Dragan.

Thanks for your suggestion. In fact, I could try to change the logging severity, but it might impact on other log messages.

Is there any resource which shows which kind of log record pertains to which severity level?

I would like to get rid of the mentioned log entries, but still need to have log entries when bpduguard is err-disabling a switchport...

I believe you understand what I want to achieve and yes: we're talking about IOS (on a 3850 Catalyst).

Thanks,

Flavio.

You can see from the message that it's severity 5...

Maybe you can use this community thread:

https://supportforums.cisco.com/thread/2166887

You can use "FAIL" instead of "SUCCESS" like in example in thread...give it a try...

In this linked example:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html#GUID-B7887982-361D-4C8E-BAAF-977AEC1C78EA

you could see how to filter all severity 5 messages also...

HTH,
Dragan


Hi again Dragan.

I've successfully lowered the severity level for syslog (logging buffered warnings) but the same didn't work for console output (logging console warnings): when I do "term moni" I still see severity 5 messages.

How would I get rid of that too?

Thanks and regards,

Flavio.

Can you try that with "logging monitor warnings" instead?

Because you are using "terminal monitor" command...

HTH,
Dragan


Great Dragan, that's what I was looking for!

Now I did this:

conf t

logging buffered warnings

logging console warnings

logging monitor warning

end

Thanks and regards,

F.
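
Added example, not part of the thread and not Cisco code: the severity asked about above is the digit in the `%FACILITY-SEVERITY-MNEMONIC` tag, so this sketch parses that tag and compares what a `warnings` threshold drops with what a filter on only the two dot1x mnemonics drops. The function names are hypothetical and the last three sample lines are constructed.

```python
import re

# IOS severity keywords, index == numeric level. "logging <dest> <keyword>"
# keeps that level and every numerically lower (more severe) one.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC, e.g. %MAB-5-FAIL
TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

def parse(line):
    """Return (facility, severity, mnemonic), or None if no IOS tag is present."""
    m = TAG.search(line)
    return (m.group(1), int(m.group(2)), m.group(3)) if m else None

def dropped_by_threshold(lines, keyword):
    """Tags that a destination set to `keyword` would no longer receive."""
    limit = LEVELS.index(keyword)
    tags = [parse(l) for l in lines]
    return ["%s-%d-%s" % t for t in tags if t and t[1] > limit]

def dropped_by_denylist(lines, denied):
    """Tags removed when only specific (facility, mnemonic) pairs are
    filtered, e.g. on the syslog server, leaving the threshold unchanged."""
    tags = [parse(l) for l in lines]
    return ["%s-%d-%s" % t for t in tags if t and (t[0], t[2]) in denied]

SAMPLE = [
    # The two messages quoted in the thread:
    "000271: Feb 27 12:40:18: %MAB-5-FAIL: Authentication failed for client "
    "(b499.baf6.abbc) on Interface Gi3/0/37 AuditSessionID AC1E20AA0000001200038F36",
    "000272: Feb 27 12:40:18: %AUTHMGR-5-FAIL: Authorization failed or unapplied for "
    "client (b499.baf6.abbc) on Interface Gi3/0/37 AuditSessionID AC1E20AA0000001200038F36",
    # Constructed samples (interface, user and address are made up):
    "000273: Feb 27 12:41:02: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port "
    "Gi3/0/12 with BPDU Guard enabled. Disabling port.",
    "000274: Feb 27 12:41:02: %PM-4-ERR_DISABLE: bpduguard error detected on "
    "Gi3/0/12, putting Gi3/0/12 in err-disable state",
    "000275: Feb 27 12:45:10: %SYS-5-CONFIG_I: Configured from console by admin "
    "on vty0 (192.0.2.10)",
]

if __name__ == "__main__":
    print("threshold 'warnings' drops:", dropped_by_threshold(SAMPLE, "warnings"))
    print("deny-list drops:",
          dropped_by_denylist(SAMPLE, {("MAB", "FAIL"), ("AUTHMGR", "FAIL")}))
```

The bpduguard err-disable messages survive either way, but the `warnings` threshold also discards severity 5 records such as the configuration-change notice, which matters if those logs serve as an audit trail.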
