Posted on February 16, 2021 10:17 am
 |  Asked by Chaehyoung Lim
 |  41 views
0
0
Print Friendly, PDF & Email

Dear all

 

So many “%DOT1X-3-SUPPLICANT_FAILED_AUTHORIZATION” logs are detected as events from  cloudvision like below. ( a screenshot is attached also )

Syslog event detected: DOT1X SUPPLICANT_FAILED_AUTHORIZATION on HQ-W-L2-720XP-12F-02

I want to prevent these events.

Q1
Is there any way to manipulate these events?
Events like “Link went down unexpectedly” can be configured its generation.
I cannot find a way to control events like “Syslog event detected:xxxxxxx”.

Q2
Which level of syslog is detected from cloudvision?
“%DOT1X-3-SUPPLICANT_FAILED_AUTHORIZATION” is detected as an event
but “%DOT1X-6-SUPPLICANT_AUTHENTICATED” is not detected.

Q3
Is there any way to change syslog level of some specific logs?
I want to make “%DOT1X-3-SUPPLICANT_FAILED_AUTHORIZATION” from level 3 to level 6.
And remain other dot1x facility logs
keep logs for troubleshooting, but prevent them from detecting.

Best regards.

Attachments:
0
Posted by Tamas Plugor
Answered on February 16, 2021 1:47 pm

In CVP versions prior to 2020.3.0 events are generated only for syslog sev 0-3 with a few exceptions of sev 4-7, the workaround in those versions was to create an event-handler on EOS to match on the syslog and generate another syslog with high priority (lower sev number), e.g. if you wanted CVP to genearte an event for FRU-6-POWERSUPPLY_REMOVED you could create this event-handler in EOS

event-handler FRU-PS-REMOVED
   action bash logger -p CRIT -t %HW-3-FRU-PS-REMOVED ${EVENT_LOG_MSG#*FRU-6-POWERSUPPLY_REMOVED:}
   !
   trigger on-logging
      regex %FRU-6-POWERSUPPLY_REMOVED

Starting from 2020.3.0 we've introduced the new custom syslog turbine, where you can match on any syslog you wish and generate an event with the severity you'd like, you can find more details in our TOI:

https://eos.arista.com/toi/cvp-2020-3-0/custom-syslog-events/

HTH,

Tamas

0
Posted by Chaehyoung Lim
Answered on February 17, 2021 6:42 am

Dear Tamas

I really appreciate your reply.

I'm using CV version 2020.2.3

As I understand,
there is a workaround to generate a lower severity level(e.g. 0-3) log when a higher severity level(e.g.4-7) log is generated,
but there is no workaround to prevent a lower severity level log and to generate a higher severity level log instead.

Do I understand correctly?

 

Best regards

0
Posted by Tamas Plugor
Answered on February 17, 2021 10:16 am

That's correct, in 2020.2.3 you won't be able to customize that, whereas in 2020.3.0 with the new custom syslog event generation rule you can ignore any arbitrary syslog.

Post your Answer

You must be logged in to post an answer.