Cisco Support Community
Community Member

Syslog ESM tcl error

Hello Experts,

The problem I am having appears to be simple but I can't figure it out.  I'd appreciate your help in advance.  I am running a tcl scrip to filter out facility DOT1X but I am getting error message as shown below.

tclsh test.tcl
can't read "::facility": no such variable
    while executing
"if { $::facility == "DOT1X" } {
return ""
} else {
return $::orig_msg
    (file "test.tcl" line 1)


sh run:

version 12.2
no service pad
no service timestamps debug uptime
no service timestamps log uptime
no service password-encryption
hostname PVLAN_Child
logging buffered filtered
no logging reload
logging console filtered informational
aaa new-model
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec VTY-EXEC group TACACS-1 local
aaa authorization network default group radius
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750x-48p
system mtu routing 1500
no ip domain-lookup
vtp mode transparent

dot1x system-auth-control
dot1x guest-vlan supplicant
dot1x critical eapol
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
vlan 11
  private-vlan primary
  private-vlan association 102
vlan 12,21
vlan 101
  private-vlan community
vlan 102
  private-vlan isolated
vlan 201
  private-vlan community
vlan 202
  private-vlan isolated
vlan 216

interface GigabitEthernet1/0/3
 switchport private-vlan host-association 11 102
 switchport mode private-vlan host
 authentication event fail action authorize vlan 11
 authentication event no-response action authorize vlan 11
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 3599
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface Vlan1
 no ip address
interface Vlan10
 ip address 10.x.x.x
ip classless
ip http server
ip http secure-server
ip radius source-interface Vlan10
logging filter flash:test.tcl
logging source-interface Vlan10
logging host 10.x.x.x filtered
radius-server dead-criteria time 30 tries 3
radius-server host 10.x.x.x auth-port 1812 acct-port 1813 key xxx
radius-server vsa send accounting
radius-server vsa send authentication
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 password cisco
ntp source Vlan10


IOS Image is

System image file is "flash:/c3750e-universalk9-mz.122-55.SE5/c3750e-universalk9-mz.122-55.SE5.bin"

As expected, I am still getting below syslog message hitting the syslog server.

09-09-2014    08:33:20    Local7.Notice    864: %DOT1X-5-SUCCESS: Authentication successful for client (d067.e534.a10c) on Interface Gi1/0/3 AuditSessionID

sh logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 2 flushes, 0 overruns, xml disabled, filtering enabled)

No Active Message Discriminator.


No Inactive Message Discriminator.

    Console logging: level informational, 50 messages logged, xml disabled,
                     filtering enabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 281 messages logged, xml disabled,
                     filtering enabled (281 messages logged)
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

Filter modules:

    Trap logging: level informational, 870 message lines logged
        Logging to  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              270 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering enabled

Log Buffer (4096 bytes):

%SYS-5-CONFIG_I: Configured from console by console^@
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host Port 514 started - CLI initiated^@
%LINK-5-CHANGED: Interface GigabitEthernet1/0/3, changed state to administratively down^@
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/3, changed state to down^@
%SYS-5-CONFIG_I: Configured from console by console^@
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down^@
%DOT1X-5-SUCCESS: Authentication successful for client (d067.e534.a10c) on Interface Gi1/0/3 AuditSessionID ^@


CreatePlease to create content