Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to filter log entries?

Hi everybody.

Is there any way to filter what's getting logged? Particularly, I would like to get rid of dot1x authentication failure messages, like these:

000271: Feb 27 12:40:18: %MAB-5-FAIL: Authentication failed for client (b499.baf6.abbc) on Interface Gi3/0/37 AuditSessionID AC1E20AA0000001200038F36

000272: Feb 27 12:40:18: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (b499.baf6.abbc) on Interface Gi3/0/37 AuditSessionID AC1E20AA0000001200038F36

I know that above messages are "legal" or "expected behavior" because of running "open authentication", so I'm not interested in having those filling up my logs on the syslog server. In case of need, I still would be able to set logging back...

Any help will be appreciated.

Thanks,

Flavio.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Silver

How to filter log entries?

Can you try that with "logging monitor warnings" instead?

Because you are using "terminal monitor" command...

HTH,
Dragan

HTH, Dragan
6 REPLIES
Silver

How to filter log entries?

You can try with "logging severity" if it's not impacting other requirements:

http://www.ciscopress.com/articles/article.asp?p=101658&seqNum=3

I suppose we are talking about IOS off course...

HTH,
Dragan

HTH, Dragan
New Member

How to filter log entries?

Hi Dragan.

Thanks for your suggestion. In fact, I could try to change the logging severity, but it might impact on other log messages.

Is there any resource which shows which kind of log record pertains to which severity level?

I would like to get rid of the mentioned log entries, but still need to have log entries when bpduguard is err-disabling a switchport...

I believe you understand what I want to achieve and yes: we're takling about IOS (on a 3850 Catalyst).

Thanks,

Flavio.

Silver

How to filter log entries?

You can see from message that it's severity 5...

Maybe you can use this community thread:

https://supportforums.cisco.com/thread/2166887

You can use "FAIL" instead of "SUCCESS" like in example in thread...give it a try...

In this linke example:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html#GUID-B7887982-361D-4C8E-BAAF-977AEC1C78EA

you could see how to filter all severity 5 messages also...

HTH,
Dragan

HTH, Dragan
New Member

How to filter log entries?

Hi again Dragan.

I've successfully lowered the severity level for syslog (logging buffered warnings) but the same didn't work for console output (logging console warnings): when I do "term moni" I still see severity 5 messages.

How would I get rid of that too?

Thanks and regards,

Flavio.

Silver

How to filter log entries?

Can you try that with "logging monitor warnings" instead?

Because you are using "terminal monitor" command...

HTH,
Dragan

HTH, Dragan
New Member

How to filter log entries?

Great Dragan, that's what I was looking for!

Now I did this:

conf t

logging buffered warnings

logging console warnings

logging monitor warning

end

Thanks and regards,

F.

930
Views
0
Helpful
6
Replies