AirWave and Network Management

Reply
Occasional Contributor II

Can Airwave log L3/L4 user activities?

Is Airwave able to log L3/L4 user activity? For instance to log witch IPs and ports every user, connected to an AP, accessed over time?

I am in the middle of a project where the customer wants to log its guest users activities to the session level (knowing what server and TCP/UDP port every guest user accessed) and I was thinking if Airwave can collect that level of information.

If not, is there any way to configure the Aruba Controller to log that somehow? May be using a Syslog server?
Guru Elite

Re: Can Airwave log L3/L4 user activities?

Airwave cannot collect syslogs and cannot log ACL hits

You need to enable logging on the permit ACL for your guest network and then send it to a syslog server to see the ip addresses and ports.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Can Airwave log L3/L4 user activities?

Thanks for answer. Is there sizing direction on how much load does the Syslog logging puts into the controller? I mean can the controller handle that Syslog logging easily? Or if it were enabled we might have a noticeable performance reduction in the controller?
New Contributor

Re: Can Airwave log L3/L4 user activities?

I would like to see firewall data in Airwave as well. I opened a feature request last month FV2143.
Regular Contributor I

Can Airwave log L3/L4 user activities?

Please add your vote on this feature at
http://feedback.airwave.com/forums/17263-airwave-feature-requests/sugges
tions/1424093-amp-should-retrieve-firewall-logs-from-controller-?ref=tit
le.
Occasional Contributor II

Re: Can Airwave log L3/L4 user activities?


Please add your vote on this feature at
http://feedback.airwave.com/forums/17263-airwave-feature-requests/sugges
tions/1424093-amp-should-retrieve-firewall-logs-from-controller-?ref=tit
le.




Thanks, my vote is there. The URL came out broke, so I am reposting it, in case someone else need to vote (hope mine did not brake):

http://feedback.airwave.com/forums/17263-airwave-feature-requests/suggestions/1424093-amp-should-retrieve-firewall-logs-from-controller-?ref=title

So, with that said, it is my understand that (hopefully) the loggin process did not demand too much process from the controller? Or it can be an issue?

Thanks
Regular Contributor II

Re: Can Airwave log L3/L4 user activities?

How many users are you trying to monitor? If I understand it properly, you want to be able to see where every user is going.....at all times? I'm not sure that an ACL hit is going to give you that information.

We use Scrutinizer for this. It collects the netflows from our Cisco router(s) and analyzes the traffic. It also collects sFlow information.

http://www.plixer.com/products/netflow-sflow/free-netflow-scrutinizer.php

They do have a free version with limitations, but won't cost you more than the hardware to run the product.

Of course since our information is collected from the router, it gives all traffic, from all users, and not just wireless users. I don't know your network configuration or equipment, but it may be possible to configure your switch to send information only from the port(s) to which your Aruba equipment is connected.

I only evaluated the program several years ago. After it was purchased the implementation was turned over to another engineer. Since then pricing/licensing has changed, along with increased functionality and features. It can get very complicated and granular if you need that information.

I haven't played with reports, but at any given moment I can go into any of our offices and tell you where any (and every) user is going, and which ports they are using.

Not sure if that is something that would be useful to you or not, you'd have to check it out and see.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: