
A switch configured with `login on-success log` is not generating any syslog (either remotely or in `show logging log`) for the successful logins.
1. Nexus switch running a version of NX-OS that supports the `login on-success log` command
2. Successful login messages are not seen in either `show logging log` or on remote syslog servers (e.g. logging server x.x.x.x)
3. Logging for "authpriv" is set to `logging level authpriv 3`
The documentation should state that at `logging level authpri 3` the `login on-success log` command adds no additional logs; logs for a successful login appear once the logging level is increased to `logging level authpri 6`. Also, because the local logging logfile is set to syslog severity 5 (notification) by default, these logs will not appear in the local syslog until the `logging logfile messages 6` command is run.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
conf t
login on-success log
logging level authpri 6
!
! Adding logging level 6 for daemon will add additional logs like
!
logging level daemon 6
logging server x.x.x.x 6 use-vrf management
!
! In order to see this just locally in `show logging log` we would also need to add the following configuration:
!
logging logfile messages 6
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Below are examples from lab testing of all the different permutations of configuration and the logs expected at those logging levels. Each of the following had a single successful login and the logs recorded.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# no login on-success log
# no logging level authpriv 3
# no logging level daemon 3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# login on-success log
# no logging level authpriv 3
# no logging level daemon 3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# no login on-success log
# logging level authpriv 6
# logging level daemon 3
%AUTHPRIV-6-SYSTEM_MSG: change user 'jason' password - usermod[27325]
%AUTHPRIV-6-SYSTEM_MSG: delete 'jason' from group 'vdc-admin' - usermod[27325]
%AUTHPRIV-6-SYSTEM_MSG: add 'jason' to group 'vdc-admin' - usermod[27367]
%AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user jason by (uid=0) - dcos_sshd[27317]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# login on-success log
# logging level authpriv 6
# logging level daemon 3
%AUTHPRIV-6-SYSTEM_MSG: change user 'jason' password - usermod[23249]
%AUTHPRIV-6-SYSTEM_MSG: delete 'jason' from group 'vdc-admin' - usermod[23249]
%AUTHPRIV-6-SYSTEM_MSG: add 'jason' to group 'vdc-admin' - usermod[23289]
%AUTHPRIV-6-SYSTEM_MSG: pam_aaa:Authentication success for user jason from 192.0.2.88 - dcos_sshd[23240] <<<<<<<<<<< added with `login on-success log`
%AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user jason by (uid=0) - dcos_sshd[23238]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# no login on-success log
# logging level authpriv 6
# logging level daemon 6
%DAEMON-6-SYSTEM_MSG: Outbound-ReKey for 192.0.2.88:17873 [preauth] - dcos_sshd[21504]
%DAEMON-6-SYSTEM_MSG: Inbound-ReKey for 192.0.2.88:17873 [preauth] - dcos_sshd[21504]
%DAEMON-6-SYSTEM_MSG: Postponed keyboard-interactive for jason from 192.0.2.88 port 17873 ssh2 [preauth] - dcos_sshd[21504]
%AUTHPRIV-6-SYSTEM_MSG: change user 'jason' password - usermod[21515]
%AUTHPRIV-6-SYSTEM_MSG: delete 'jason' from group 'vdc-admin' - usermod[21515]
%AUTHPRIV-6-SYSTEM_MSG: add 'jason' to group 'vdc-admin' - usermod[21555]
%DAEMON-6-SYSTEM_MSG: Postponed keyboard-interactive/pam for jason from 192.0.2.88 port 17873 ssh2 [preauth] - dcos_sshd[21504]
%DAEMON-6-SYSTEM_MSG: Accepted keyboard-interactive/pam for jason from 192.0.2.88 port 17873 ssh2 - dcos_sshd[21504] <<<<<<<<<<< Added with Daemon 6
%AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user jason by (uid=0) - dcos_sshd[21504]
%DAEMON-6-SYSTEM_MSG: Inbound-ReKey for 192.0.2.88:17873 - dcos_sshd[21582]
%DAEMON-6-SYSTEM_MSG: Outbound-ReKey for 192.0.2.88:17873 - dcos_sshd[21582]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# login on-success log
# logging level authpriv 6
# logging level daemon 6
%DAEMON-6-SYSTEM_MSG: Outbound-ReKey for 192.0.2.88:17906 [preauth] - dcos_sshd[22506]
%DAEMON-6-SYSTEM_MSG: Inbound-ReKey for 192.0.2.88:17906 [preauth] - dcos_sshd[22506]
%DAEMON-6-SYSTEM_MSG: Postponed keyboard-interactive for jason from 192.0.2.88 port 17906 ssh2 [preauth] - dcos_sshd[22506]
%AUTHPRIV-6-SYSTEM_MSG: change user 'jason' password - usermod[22526]
%AUTHPRIV-6-SYSTEM_MSG: delete 'jason' from group 'vdc-admin' - usermod[22526]
%AUTHPRIV-6-SYSTEM_MSG: add 'jason' to group 'vdc-admin' - usermod[22565]
%AUTHPRIV-6-SYSTEM_MSG: pam_aaa:Authentication success for user jason from 192.0.2.88 - dcos_sshd[22508] <<<<<<<<<<< added with `login on-success log`
%DAEMON-6-SYSTEM_MSG: Postponed keyboard-interactive/pam for jason from 192.0.2.88 port 17906 ssh2 [preauth] - dcos_sshd[22506]
%DAEMON-6-SYSTEM_MSG: Accepted keyboard-interactive/pam for jason from 192.0.2.88 port 17906 ssh2 - dcos_sshd[22506]
%AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user jason by (uid=0) - dcos_sshd[22506]
%DAEMON-6-SYSTEM_MSG: Inbound-ReKey for 192.0.2.88:17906 - dcos_sshd[22591]
%DAEMON-6-SYSTEM_MSG: Outbound-ReKey for 192.0.2.88:17906 - dcos_sshd[22591]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
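
An added example, not part of the original bug report or Cisco's code: a Python audit that applies the levels from the workaround and the lab permutations above to a running-config excerpt and predicts whether the `login on-success log` message is generated and where it will be visible. The sample configs and the server address 192.0.2.10 are constructed, and a `logging server` line without an explicit severity is assumed not to forward the message.

```python
import re

MSG_SEVERITY = 6       # page: success message is %AUTHPRIV-6-SYSTEM_MSG
DEFAULT_AUTHPRIV = 3   # page: authpriv facility level in the failing setup
DEFAULT_LOGFILE = 5    # page: local logfile defaults to severity 5

def audit_login_logging(config):
    """Predict where the `login on-success log` message will be visible."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    authpriv, logfile, servers = DEFAULT_AUTHPRIV, DEFAULT_LOGFILE, {}
    for line in lines:
        if m := re.match(r"logging level authpri\w* (\d)\b", line):
            authpriv = int(m.group(1))
        elif m := re.match(r"logging logfile \S+ (\d)\b", line):
            logfile = int(m.group(1))
        elif m := re.match(r"logging server (\S+)(?: (\d)\b)?", line):
            # Assumption: a server line with no explicit severity is treated
            # as not confirmed to forward severity-6 messages.
            servers[m.group(1)] = int(m.group(2)) if m.group(2) else None
    generated = "login on-success log" in lines and authpriv >= MSG_SEVERITY
    return {
        "generated": generated,
        "local_logfile": generated and logfile >= MSG_SEVERITY,
        "remote": {host: generated and sev is not None and sev >= MSG_SEVERITY
                   for host, sev in servers.items()},
    }

def findings(config):
    """Turn the prediction into audit findings for a reviewer."""
    r = audit_login_logging(config)
    if not r["generated"]:
        return ["no success-login message: need `login on-success log` "
                "and `logging level authpriv 6`"]
    out = [] if r["local_logfile"] else [
        "not in local logfile: need `logging logfile messages 6`"]
    return out + [f"server {h} is not confirmed to receive it: set severity 6"
                  for h, ok in r["remote"].items() if not ok]

# Constructed sample configs (192.0.2.10 stands in for the page's x.x.x.x).
BROKEN = """login on-success log
logging level authpriv 3
logging server 192.0.2.10 6 use-vrf management"""
WORKAROUND = """login on-success log
logging level authpri 6
logging level daemon 6
logging server 192.0.2.10 6 use-vrf management
logging logfile messages 6"""
```

Calling `findings()` on a saved running-config returns an empty list only when the message is generated, written to the local logfile, and forwarded to every configured server.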