Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 6
Registered: ‎04-03-2013

Syslog format Aruba instant

Hello,

 

I have a question regarding the syslog format which the Aruba instant OS sends. Below a sample: 

 

11-28-2014 09:18:46 Local1.Notice 10.54.1.33 Nov 28 08:18:45 2014 10.54.1.33 stm[1515]: <501199> <NOTI> <10.54.1.33 24:DE:C6:C4:EE:72>  User authenticated, mac-34:e2:fd:65:83:74, username-jbrouwer@pj.nl, IP-10.244.0.14, method-4, role-Educatie

 

Is it possible to change the format so the , sign can be removed from the log? I am trying to configure a Palo Alto user ID agent as a sysloglistener for user to IP mapping but it sees the IP format with the , behind the IP as an invalid IP address.

 

Regards,

 

Joost Brouwer

Guru Elite
Posts: 20,422
Registered: ‎03-29-2007

Re: Syslog format Aruba instant

[ Edited ]

Joost,

 

Please look at the article here:  http://www.arubanetworks.com/techdocs/Instant_41_WebHelp/InstantWebHelp.htm#UG_files/Services/panFirewallInt.htm and let us know if that is the integration you need.

 

I am not sure that the comma can be removed from the syslog output.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎04-03-2013

Re: Syslog format Aruba instant

Hello Colin,

 

Thanx for your reply. That is an option I have tried. I can see in the system log that the IAP log's in to the Palo Alto FW but I dont see any user to IP mappings in the traffic log.

Guru Elite
Posts: 20,422
Registered: ‎03-29-2007

Re: Syslog format Aruba instant

jstbrouwer,

 

What version of the Palo Alto software and what version of Aruba Instant are you running?  If it does not work, we need to engage TAC.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎04-03-2013

Re: Syslog format Aruba instant

Hi Colin,

 

InstantOS: 6.4.2.0-4.1.1.0_46028

PANOS: 6.0.6

Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: Syslog format Aruba instant

Do you have User-ID enabled?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 20,422
Registered: ‎03-29-2007

Re: Syslog format Aruba instant

jstbrouwer,

 

Do your users login with just "username" or "domain\username"?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎04-03-2013

Re: Syslog format Aruba instant

No I don't have User-ID enabled because there is no option for InstantOS in the syslogsender option. How should I configure User-ID otherwise? thanks in advance

Occasional Contributor I
Posts: 6
Registered: ‎04-03-2013

Re: Syslog format Aruba instant

Users login with username@domain.nl using Radius.

Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: Syslog format Aruba instant

In the Palo

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: