Discussion:
[rancid] Cisco SB: Disable AAA-I-CONNECT: User CLI session for user cisco over ssh
Kevin Olbrich
2018-06-11 11:02:48 UTC
Permalink
Hi!

*How can I disable "AAA-I-CONNECT: User CLI session for user cisco over
ssh..."?*
This periodically is printed when rancid receives the configuration,
resulting in a new (useless) commit.
This happens 4 -5 times a day.

Kind regards,
Kevin
Alex DEKKER
2018-06-11 12:15:32 UTC
Permalink
Post by Kevin Olbrich
*How can I disable "AAA-I-CONNECT: User CLI session for user cisco
over ssh..."?*
This periodically is printed when rancid receives the configuration,
resulting in a new (useless) commit.
This happens 4 -5 times a day.
This is a limitation/bug of the platform, I reckon. You will also get
interface up/down events appearing in commits too. I haven't found
anything in 'line' section or in 'terminal' settings to disable logs to
terminal [ie specifically off for remote terminals]. 'logging console
emergencies' might do it but then it's off for the local terminal too.

'copy run tftp://...' would presumably not have this problem.

alexd
heasley
2018-06-11 14:01:18 UTC
Permalink
Post by Alex DEKKER
Post by Kevin Olbrich
*How can I disable "AAA-I-CONNECT: User CLI session for user cisco
over ssh..."?*
This periodically is printed when rancid receives the configuration,
resulting in a new (useless) commit.
This happens 4 -5 times a day.
This is a limitation/bug of the platform, I reckon. You will also get
interface up/down events appearing in commits too. I haven't found
anything in 'line' section or in 'terminal' settings to disable logs to
terminal [ie specifically off for remote terminals]. 'logging console
emergencies' might do it but then it's off for the local terminal too.
'copy run tftp://...' would presumably not have this problem.
alexd
in ios 'term monitor' copies logging to the terminal. the only sb device
i have does not have this command, nor the problem. the only logging
config i have is
no log console
logg host nnnn sev deb
make sure you have the first of those.
Piegorsch, Weylin William
2018-06-11 21:04:57 UTC
Permalink
To clarify, in Cisco IOS and IOS XE:

"no logging console" disables onboard logging messages appearing on the output when you connect to the serial port. This is a global configuration setting, so it persists across sessions.
"terminal monitor" (and terminal no monitor... note the no is second not first) enables (disables) onboard logging messages appearing on the output when you're on a vty (telnet/ssh). This is a "exec" mode setting, and only lasts for that vty session.

I can't remember how NX-OX behaves on this point.

And there are some cases where "copy run tftp" might actually cause a logging message. I believe the "conf t ; archive ; logging" section refers. Not sure (off the top of my head) if that's just ASA OS though, or if that’s also the behavior in IOS/IOSXE.

weylin
Post by Alex DEKKER
Post by Kevin Olbrich
*How can I disable "AAA-I-CONNECT: User CLI session for user cisco
over ssh..."?*
This periodically is printed when rancid receives the configuration,
resulting in a new (useless) commit.
This happens 4 -5 times a day.
This is a limitation/bug of the platform, I reckon. You will also get
interface up/down events appearing in commits too. I haven't found
anything in 'line' section or in 'terminal' settings to disable logs to
terminal [ie specifically off for remote terminals]. 'logging console
emergencies' might do it but then it's off for the local terminal too.
'copy run tftp://...' would presumably not have this problem.
alexd
in ios 'term monitor' copies logging to the terminal. the only sb device
i have does not have this command, nor the problem. the only logging
config i have is
no log console
logg host nnnn sev deb
make sure you have the first of those.

Loading...