Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Filtering of Logging Messages to a Syslog Server on a Catalyst Switch using a logging discriminator

Robert Singer
Level 1
Level 1

‎11-11-2014 03:18 AM

Hello!

I try to limit the Syslog Messages, that are sent to a Syslog Server. I started by using a syslog discriminator. My Goal is, to filter all 

Syslog Messages, that has a Successfull ending in terms of Authentication.

 

I startet by creating the following discriminator:

 

logging discriminator DROP-SUC severity drops 5,7 facility drops AUTHMGR

 

The Problem is now, that i am not able to logical AND the discriminator with another discriminator like

logging discriminator MAB facility drops MAB
logging discriminator DOT1X facility drops DOT1X

So the question is, is that possible to "and" discriminator to filter several logging messages based on serverity or mnemonics ?

For your reference, i posted a test log from a switch

Nov 11 10:54:45 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (5478.1ae1.ce12) on Interface Gi1/0/17 AuditSessionID 0ADEE01200001F542C42DBCA
Nov 11 10:54:45 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (2c3e.cf76.5ab1) on Interface Gi1/0/11 AuditSessionID
Nov 11 10:54:45 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (2c3e.cf76.5ab1) on Interface Gi1/0/11 AuditSessionID 0ADEE01200001F532C42DBC5
Nov 11 10:54:45 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (189c.5db7.eff5) on Interface Gi1/0/7 AuditSessionID
Nov 11 10:54:45 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (189c.5db7.eff5) on Interface Gi1/0/7 AuditSessionID 0ADEE01200001F4F2C42D926
Nov 11 10:54:46 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (2c3e.cf76.5ab1) on Interface Gi1/0/11 AuditSessionID 0ADEE01200001F532C42DBC5
Nov 11 10:54:46 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (189c.5db7.eff5) on Interface Gi1/0/7 AuditSessionID 0ADEE01200001F4F2C42D926
Nov 11 10:56:26 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (34a8.4ea6.7493) on Interface Gi1/0/9 AuditSessionID
Nov 11 10:56:26 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (34a8.4ea6.7493) on Interface Gi1/0/9 AuditSessionID 0ADEE01200001F5C2C446363
Nov 11 10:56:27 MEZ: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (34a8.4ea6.7493) on Interface Gi1/0/9 AuditSessionID 0ADEE01200001F5C2C446363
Nov 11 10:59:47 MEZ: %AUTHMGR-5-START: Starting 'dot1x' for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3D2D05EE68
Nov 11 10:59:49 MEZ: %AUTHMGR-5-START: Starting 'dot1x' for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3E2D05F655
Nov 11 10:59:49 MEZ: %DOT1X-5-SUCCESS: Authentication successful for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID
Nov 11 10:59:49 MEZ: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3E2D05F655

 

 

Any help would be kindly appriciated,

thanks a lot in advance,

Robert

2 people had this problem
Labels:
0 Helpful
Who Me Too'd this topic