11-11-2014 03:18 AM
Hello!
I try to limit the Syslog Messages, that are sent to a Syslog Server. I started by using a syslog discriminator. My Goal is, to filter all
Syslog Messages, that has a Successfull ending in terms of Authentication.
I startet by creating the following discriminator:
logging discriminator DROP-SUC severity drops 5,7 facility drops AUTHMGR
The Problem is now, that i am not able to logical AND the discriminator with another discriminator like
logging discriminator MAB facility drops MAB
logging discriminator DOT1X facility drops DOT1X
So the question is, is that possible to "and" discriminator to filter several logging messages based on serverity or mnemonics ?
For your reference, i posted a test log from a switch
Nov 11 10:54:45 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (5478.1ae1.ce12) on Interface Gi1/0/17 AuditSessionID 0ADEE01200001F542C42DBCA
Nov 11 10:54:45 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (2c3e.cf76.5ab1) on Interface Gi1/0/11 AuditSessionID
Nov 11 10:54:45 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (2c3e.cf76.5ab1) on Interface Gi1/0/11 AuditSessionID 0ADEE01200001F532C42DBC5
Nov 11 10:54:45 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (189c.5db7.eff5) on Interface Gi1/0/7 AuditSessionID
Nov 11 10:54:45 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (189c.5db7.eff5) on Interface Gi1/0/7 AuditSessionID 0ADEE01200001F4F2C42D926
Nov 11 10:54:46 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (2c3e.cf76.5ab1) on Interface Gi1/0/11 AuditSessionID 0ADEE01200001F532C42DBC5
Nov 11 10:54:46 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (189c.5db7.eff5) on Interface Gi1/0/7 AuditSessionID 0ADEE01200001F4F2C42D926
Nov 11 10:56:26 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (34a8.4ea6.7493) on Interface Gi1/0/9 AuditSessionID
Nov 11 10:56:26 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (34a8.4ea6.7493) on Interface Gi1/0/9 AuditSessionID 0ADEE01200001F5C2C446363
Nov 11 10:56:27 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (34a8.4ea6.7493) on Interface Gi1/0/9 AuditSessionID 0ADEE01200001F5C2C446363
Nov 11 10:59:47 MEZ: %AUTHMGR-5-START: Starting 'dot1x' for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3D2D05EE68
Nov 11 10:59:49 MEZ: %AUTHMGR-5-START: Starting 'dot1x' for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3E2D05F655
Nov 11 10:59:49 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID
Nov 11 10:59:49 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3E2D05F655
Any help would be kindly appriciated,
thanks a lot in advance,
Robert
Solved! Go to Solution.