cancel
Showing results for 
Search instead for 
Did you mean: 

How to exclude NAC authentication messages from log

How to exclude NAC authentication messages from log

Justsomebodi
New Contributor III
Hi All

I have used the below command to exclude NAC mac authentication messages from the logs

configure log filter "DefaultFilter" add exclude events "nl.ClientAuthenticated" match string "Network Login MAC user"

However messages still appear. Does anyone know if this is correct?

4 REPLIES 4

Christopher_Bur
New Contributor
I've added the following to get rid of all client activites

configure log filter DefaultFilter add exclude events nl.ClientAuthenticated match string "MAC"
configure log filter DefaultFilter add exclude events nl.ClientUnauthenticated match string "MAC"
configure log filter DefaultFilter add exclude events nl.ClientReset match string "MAC"

Justsomebodi
New Contributor III
Thanks for the reply.

So to clarify, it will not match the string on anything but %0% which is %MAC% ? Am i understanding it correctly?

Yes.
You were trying to use the string "Network Login MAC user". In the "Network Login MAC user", only "MAC" is the string parameter (%0%) you can use in log filter and others "Network Login user" is not string parameter.
So that is the reason why your log filter didn't work

David_Choi
Contributor
Hi,
The parameters for the log is like below:

66fe6e721bcc470784abe414d54d1eb9_RackMultipart20171228-47100-1215j4n-20171228_113344_inline.jpg



Therefore, if you want to use match condition with "string" parameter, you should use one of "string" parameters in the log (there are three string parameters in the log, %0%, %1% and %5%).

For example with your way, I think you can use %0% string (i.e. "MAC") as below:
configure log filter "DefaultFilter" add exclude events "nl.ClientAuthenticated" match string "MAC"Otherwise, you can also use other match condition, "mac-address", "ports" or "vlan" instead of "string" parameter.

Regards,
GTM-P2G8KFN