Cisco switch has strange log messages

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
I have a Catalyst 2960-S that is printing out the following message every few seconds. This is a 4 minute sample, but the entire log is filled with this.

016534: Jun 11 08:52:08.665: %SYS-5-CONFIG_I: Configured from console by vty0
016535: Jun 11 08:52:12.152: %SYS-5-CONFIG_I: Configured from console by vty0
016536: Jun 11 08:52:31.142: %SYS-5-CONFIG_I: Configured from console by vty0
016537: Jun 11 08:52:34.624: %SYS-5-CONFIG_I: Configured from console by vty0
016538: Jun 11 08:53:08.684: %SYS-5-CONFIG_I: Configured from console by vty0
016539: Jun 11 08:53:12.086: %SYS-5-CONFIG_I: Configured from console by vty0
016540: Jun 11 08:53:31.266: %SYS-5-CONFIG_I: Configured from console by vty0
016541: Jun 11 08:53:34.784: %SYS-5-CONFIG_I: Configured from console by vty0
016542: Jun 11 08:54:08.713: %SYS-5-CONFIG_I: Configured from console by vty0
016543: Jun 11 08:54:12.011: %SYS-5-CONFIG_I: Configured from console by vty0
016544: Jun 11 08:54:31.405: %SYS-5-CONFIG_I: Configured from console by vty0
016545: Jun 11 08:54:34.803: %SYS-5-CONFIG_I: Configured from console by vty0
016546: Jun 11 08:55:08.684: %SYS-5-CONFIG_I: Configured from console by vty0
016547: Jun 11 08:55:12.234: %SYS-5-CONFIG_I: Configured from console by vty0
016548: Jun 11 08:55:31.529: %SYS-5-CONFIG_I: Configured from console by vty0
016549: Jun 11 08:55:34.953: %SYS-5-CONFIG_I: Configured from console by vty0
016550: Jun 11 08:56:08.671: %SYS-5-CONFIG_I: Configured from console by vty0
016551: Jun 11 08:56:12.142: %SYS-5-CONFIG_I: Configured from console by vty0
016552: Jun 11 08:56:31.642: %SYS-5-CONFIG_I: Configured from console by vty0
016553: Jun 11 08:56:35.066: %SYS-5-CONFIG_I: Configured from console by vty0

Any tips on how to debug this? As far as I can tell no-one else is remotely logging into the switch. Other switches in the network are not logging that message.

Re: Cisco switch has strange log messages

Quoted text here. Click to load it

I'd start with 'show user' to find out what's logged on to vty0.

Sam

--  
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Re: Cisco switch has strange log messages
On Thursday, June 12, 2014 3:02:29 AM UTC-6, Sam Wilson wrote:
Quoted text here. Click to load it

Most of the time this is what I get:

#show user
    Line       User       Host(s)              Idle       Location
*  1 vty 0     Administra idle                 00:00:00 192.168.1.2

  Interface      User        Mode                     Idle     Peer Address


192.168.1.2 is me logged in. But occasionally I will get:

#show user
    Line       User       Host(s)              Idle       Location
*  1 vty 0     Administra idle                 00:00:00 192.168.1.2
   2 vty 1                idle                    never    

  Interface      User        Mode                     Idle     Peer Address


While I am logged in the log messages look like this:

025179: Jun 12 16:05:09.405: %SYS-5-CONFIG_I: Configured from console by vty1
025180: Jun 12 16:05:18.114: %SYS-5-CONFIG_I: Configured from console by vty1
025181: Jun 12 16:05:21.579: %SYS-5-CONFIG_I: Configured from console by vty1
025182: Jun 12 16:05:50.270: %SYS-5-CONFIG_I: Configured from console by vty1
025183: Jun 12 16:06:09.407: %SYS-5-CONFIG_I: Configured from console by vty1
025184: Jun 12 16:06:18.237: %SYS-5-CONFIG_I: Configured from console by vty1
025185: Jun 12 16:06:21.702: %SYS-5-CONFIG_I: Configured from console by vty1

So something is accessing the next available vty but it appears not to be using ssh.

Re: Cisco switch has strange log messages

Quoted text here. Click to load it

OK, that's weird.  I'd start by putting an access list on the vty lines  
(access-class ... on the vty lines)  and see what, if anything, blocks  
the activity.

Sam

--  
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Re: Cisco switch has strange log messages
On Wednesday, June 18, 2014 3:10:24 AM UTC-6, Sam Wilson wrote:
Quoted text here. Click to load it

I tried adding an access list that only allows access from my IP.

access-list 90 permit 192.168.1.2
line 1 5
 access-class 90 in

I verified that I couldn't log in from other IPs, but it made no difference in the logging or the extra user.

I don't really know if there are other access list things I can try.

Site Timeline