Which configuration filters out DOT1X messages in the format shown below from being sent toward Syslog server 10.15.20.33?
Nov 20 13:47:32/553 %DOT1X-5-FAIL:Authentication failed for client (e04f.438e.de4f) on interface Gi1/0/1 AudtiSessionID 0A0B50A5000004543910739E
To filter out DOT1X messages from being sent to the Syslog server, you need to create a logging discriminator that specifically drops messages with the DOT1X facility. The command 'logging discriminator DOT1X facility drops DOT1X' creates a discriminator named 'DOT1X' that drops all messages with the facility 'DOT1X'. The command 'logging host 10.15.20.33 discriminator DOT1X' specifies that only messages that do not match this discriminator criteria (i.e., excluding DOT1X messages) should be sent to the Syslog server at 10.15.20.33. Therefore, this configuration will correctly filter out DOT1X messages.
Given answer is wrong. The message body doesn't contain "DOT1X". However the logging facility is "DOT1X" so A seems good. https://youtu.be/Lbb7vlQoGt0?feature=shared&t=154
filters out facility=DOT1X messages and drops them
logging discriminator DOT1X facility drops DOT1X: This command creates a logging discriminator named "DOT1X" and configures it to drop syslog messages with the facility "DOT1X". So, any syslog messages with the facility "DOT1X" will be dropped (not logged). logging host 10.15.20.33 discriminator DOT1X: This command specifies that syslog messages that match the criteria defined by the discriminator "DOT1X" are sent to the syslog server at the IP address 10.15.20.33. So, syslog messages that pass through the "DOT1X" discriminator (i.e., not dropped based on the first command) will be sent to the specified syslog server.
A. logging discriminator DOT1X facility drops DOT1X logging host 10.15.20.33 discriminator DOT1X Explanation: The logging discriminator command creates a discriminator named DOT1X. The facility drops DOT1X part specifies that messages with a facility that includes DOT1X should be dropped. The logging host 10.15.20.33 discriminator DOT1X command sends log messages to the Syslog server at 10.15.20.33, but only those that do not match the discriminator criteria (i.e., excluding DOT1X messages).
A is correct
I think that the correct answer should be A). logging discriminator DOT1X facility drops DOT1X logging host 10.15.20.33 discriminator DOT1X
it should be A
Logging discriminator discr-name [ [facility] [mnemonics] [msg-body] { drops string | includes string } ] [ severity { drops sev-num | includes sev-num } ] [ rate-limit msglimit ]
A is the correct one
A is correct
DOT1X-5-FAIL: facility: dot1x severity:5 mnemonic:fail seq no:timestamp: %facility-severity-MNEMONIC:description