Frequent Contributor II

Logging Question

I should probably know the answer to this but wonder if someone can help me out.

I want to send a syslog message anytime that anybody with admin rights to my controller logs on from either the CLI or the Web UI. I can't seem to get this to work. Can someone tell me the appropriate commands?

I have also noticed that when I look at the "Local Events" log on my controller(s) they have stopped recording entries while the Process Logs are still working just fine. I wonder if this is possibly related to my syslog issue?
Aruba Employee

Re: Logging Question

Terry,

You can set the logging on the security logs to "Notifications" and you will see the following when someone logs into the controller:

Mar 22 11:46:35 :125024: |aaa| Authentication Succeeded for User , Logged in from x.x.x.x port y, Connecting to z.z.z.z port 22 connection type SSH

x.x.x.x = the IP that the client is using
y = client port number (random high port)
z.z.z.z = IP that the client specified for the controller

The command to set the logging level is "logging level notifications security".

The other thing you would need to do would be to point all syslog messages at a syslog server. The command is "logging x.x.x.x security". x.x.x.x = IP address of your syslog server.

I checked around and there is no SNMP trap for a controller login, so AFAIK, this is the only way.
Frequent Contributor II

Re: Logging Question

Thanks Olin,

I have it all working from the CLI when SSH is used. The issue now is when the Web UI is used. Are you telling me that when an administrator logs on using the web UI there is no log entry?






Aruba Employee

Re: Logging Question

It works whether the user logs into the CLI or the GUI. If they log in via the GUI, the message will say:

Mar 22 14:25:59 :125024: |aaa| Authentication Succeeded for User , Logged in from x.x.x.x port y, Connecting to z.z.z.z port 4343 connection type HTTPS
Frequent Contributor II

Re: Logging Question

Thanks Olin for the advice.
I am getting the results I expected now.
:)
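
Added example, not part of the original thread and not Aruba code: a Python parser for the 125024 login messages quoted above as they arrive on the syslog server. It labels each login as CLI or Web UI and flags sources outside a management network. The function name, the mgmt_nets parameter and the sample lines are assumptions of this example.

```python
import ipaddress
import re

# Built from the two message-ID 125024 samples quoted in the thread.
LOGIN_RE = re.compile(
    r":125024:\s+\|aaa\|\s+Authentication Succeeded for User\s*(?P<user>[^,]*?)\s*,\s*"
    r"Logged in from (?P<src>\S+) port (?P<sport>\d+),\s*"
    r"Connecting to (?P<dst>\S+) port (?P<dport>\d+)\s+connection type (?P<ctype>\w+)"
)
# The thread shows SSH for CLI logins and HTTPS (port 4343) for Web UI logins.
INTERFACE = {"SSH": "CLI", "HTTPS": "Web UI"}


def admin_logins(lines, mgmt_nets):
    """Return one record per login message; mgmt_nets is a list of CIDR strings
    (assumed for this example) that admins are expected to connect from."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    records = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a 125024 login message
        try:
            expected = any(ipaddress.ip_address(m["src"]) in n for n in nets)
        except ValueError:
            expected = False  # unparseable source address: treat as unexpected
        records.append({
            "user": m["user"] or None,
            "src": m["src"],
            "controller": m["dst"],
            "interface": INTERFACE.get(m["ctype"], m["ctype"]),
            "expected_source": expected,
        })
    return records


# Constructed sample lines in the quoted format (user name and addresses are made up).
SAMPLE = [
    "Mar 22 11:46:35 :125024: |aaa| Authentication Succeeded for User admin, Logged in from 192.0.2.10 port 51514, Connecting to 192.0.2.1 port 22 connection type SSH",
    "Mar 22 14:25:59 :125024: |aaa| Authentication Succeeded for User admin, Logged in from 198.51.100.7 port 60211, Connecting to 192.0.2.1 port 4343 connection type HTTPS",
    "Mar 22 14:26:03 constructed line that is not a login message",
]

if __name__ == "__main__":
    for rec in admin_logins(SAMPLE, ["192.0.2.0/24"]):
        print(rec)
```

Records with expected_source set to False are the ones worth alerting on first; every record is still an admin login and can be forwarded as a notification.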