1. Home
  2. Cisco Systems
  3. Cisco switch has strange log messages

Cisco switch has strange log messages

I have a Catalyst 2960-S that is printing out the following message every few seconds. This is a 4 minute sample, but the entire log is filled with this.

016534: Jun 11 08:52:08.665: %SYS-5-CONFIG_I: Configured from console by vty0 016535: Jun 11 08:52:12.152: %SYS-5-CONFIG_I: Configured from console by vty0 016536: Jun 11 08:52:31.142: %SYS-5-CONFIG_I: Configured from console by vty0 016537: Jun 11 08:52:34.624: %SYS-5-CONFIG_I: Configured from console by vty0 016538: Jun 11 08:53:08.684: %SYS-5-CONFIG_I: Configured from console by vty0 016539: Jun 11 08:53:12.086: %SYS-5-CONFIG_I: Configured from console by vty0 016540: Jun 11 08:53:31.266: %SYS-5-CONFIG_I: Configured from console by vty0 016541: Jun 11 08:53:34.784: %SYS-5-CONFIG_I: Configured from console by vty0 016542: Jun 11 08:54:08.713: %SYS-5-CONFIG_I: Configured from console by vty0 016543: Jun 11 08:54:12.011: %SYS-5-CONFIG_I: Configured from console by vty0 016544: Jun 11 08:54:31.405: %SYS-5-CONFIG_I: Configured from console by vty0 016545: Jun 11 08:54:34.803: %SYS-5-CONFIG_I: Configured from console by vty0 016546: Jun 11 08:55:08.684: %SYS-5-CONFIG_I: Configured from console by vty0 016547: Jun 11 08:55:12.234: %SYS-5-CONFIG_I: Configured from console by vty0 016548: Jun 11 08:55:31.529: %SYS-5-CONFIG_I: Configured from console by vty0 016549: Jun 11 08:55:34.953: %SYS-5-CONFIG_I: Configured from console by vty0 016550: Jun 11 08:56:08.671: %SYS-5-CONFIG_I: Configured from console by vty0 016551: Jun 11 08:56:12.142: %SYS-5-CONFIG_I: Configured from console by vty0 016552: Jun 11 08:56:31.642: %SYS-5-CONFIG_I: Configured from console by vty0 016553: Jun 11 08:56:35.066: %SYS-5-CONFIG_I: Configured from console by vty0

Any tips on how to debug this? As far as I can tell no-one else is remotely logging into the switch. Other switches in the network are not logging that message.

Reply to
jdramer
Loading thread data ...

I'd start with 'show user' to find out what's logged on to vty0.

Sam

Reply to
Sam Wilson

Most of the time this is what I get:

#show user Line User Host(s) Idle Location

  • 1 vty 0 Administra idle 00:00:00 192.168.1.2

Interface User Mode Idle Peer Address

192.168.1.2 is me logged in. But occasionally I will get:

#show user Line User Host(s) Idle Location

  • 1 vty 0 Administra idle 00:00:00 192.168.1.2
2 vty 1 idle never

Interface User Mode Idle Peer Address

While I am logged in the log messages look like this:

025179: Jun 12 16:05:09.405: %SYS-5-CONFIG_I: Configured from console by vty1 025180: Jun 12 16:05:18.114: %SYS-5-CONFIG_I: Configured from console by vty1 025181: Jun 12 16:05:21.579: %SYS-5-CONFIG_I: Configured from console by vty1 025182: Jun 12 16:05:50.270: %SYS-5-CONFIG_I: Configured from console by vty1 025183: Jun 12 16:06:09.407: %SYS-5-CONFIG_I: Configured from console by vty1 025184: Jun 12 16:06:18.237: %SYS-5-CONFIG_I: Configured from console by vty1 025185: Jun 12 16:06:21.702: %SYS-5-CONFIG_I: Configured from console by vty1

So something is accessing the next available vty but it appears not to be using ssh.

Reply to
jdramer

OK, that's weird. I'd start by putting an access list on the vty lines (access-class ... on the vty lines) and see what, if anything, blocks the activity.

Sam

Reply to
Sam Wilson

I tried adding an access list that only allows access from my IP.

access-list 90 permit 192.168.1.2 line 1 5 access-class 90 in

I verified that I couldn't log in from other IPs, but it made no difference in the logging or the extra user.

I don't really know if there are other access list things I can try.

Reply to
jdramer

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.