USER_LOGIN

Match messages AUTHPRIV-6-SYSTEM_MSG from NX-OS.

Message example:

sw01.bjm01: 2017 Jul 26 14:42:46 UTC: %AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user luke by (uid=0) - dcos_sshd[12977]  # noqa

Output example:

{
  "users": {
    "user": {
      "luke": {
        "action": {
          "login": true
        },
        "uid": 0
      }
    }
  }
}

There is no YANG model available yet to map this class of messages. Please check the Structured message example section to see the structure.

Implemented for

  • nxos
  • opengear

Syslog message example

<190>sw01.pdx01: 2017 Jul 28 14:42:46 UTC: %AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user luke by (uid=0) - dcos_sshd[12977]

Structured message example

{
  "error": "USER_LOGIN",
  "facility": 23,
  "host": "sw01.pdx01",
  "ip": "127.0.0.1",
  "message_details": {
      "date": "2017 Jul 28",
      "facility": 23,
      "host": "sw01.pdx01",
      "message": "pam_unix(dcos_sshd:session): session opened for user luke by (uid=0) - dcos_sshd[12977]",
      "pri": "190",
      "severity": 6,
      "tag": "AUTHPRIV-6-SYSTEM_MSG",
      "time": "14:42:46",
      "timeZone": "UTC"
  },
  "os": "nxos",
  "severity": 6,
  "timestamp": 1501252966,
  "yang_message": {
      "users": {
          "user": {
              "luke": {
                  "action": {
                      "login": true
                  },
                  "uid": 0
              }
          }
      }
  },
  "yang_model": "NO_MODEL"
}