How to exclude NAC authentication messages from log

  • 0
  • 1
  • Question
  • Updated 8 months ago
  • Answered
Hi All

I have used the below command to exclude NAC mac authentication messages from the logs

configure log filter "DefaultFilter" add exclude events "nl.ClientAuthenticated" match string "Network Login MAC user"

However messages still appear. Does anyone know if this is correct?
Photo of Justsomebodi

Justsomebodi

  • 1,572 Points 1k badge 2x thumb

Posted 8 months ago

  • 0
  • 1
Photo of David Choi

David Choi, Employee

  • 1,966 Points 1k badge 2x thumb
Hi,
The parameters for the log is like below:

Therefore, if you want to use match condition with "string" parameter, you should use one of "string" parameters in the log (there are three string parameters in the log, %0%, %1% and %5%).

For example with your way, I think you can use %0% string (i.e. "MAC") as below:
configure log filter "DefaultFilter" add exclude events "nl.ClientAuthenticated" match string "MAC"
Otherwise, you can also use other match condition, "mac-address", "ports" or "vlan" instead of "string" parameter.

Regards,
(Edited)
Photo of Justsomebodi

Justsomebodi

  • 1,572 Points 1k badge 2x thumb
Thanks for the reply.

So to clarify, it will not match the string on anything but %0% which is %MAC% ? Am i understanding it correctly?
Photo of David Choi

David Choi, Employee

  • 1,966 Points 1k badge 2x thumb
Yes.
You were trying to use the string "Network Login MAC user". In the "Network Login MAC user", only "MAC" is the string parameter (%0%) you can use in log filter and others "Network Login user" is not string parameter.
So that is the reason why your log filter didn't work