Cloud Managed Networks

Reply
Occasional Contributor II

Guest user traffic logging to syslog with Aruba Central

Dear Community,

 

It is mandatory to be compliant with french law to log any user traffic (accessed URLs) for at least 6 months.

I searched how to define local or public syslog servers in Central interface without any success.

 

Anyone knows if it's possible ?

 

Many thanks & best regards,

Franck.

Re: Guest user traffic logging to syslog with Aruba Central

You can configure a syslog server in the same way you can do it in IAPs deployments. In Aruba Central you have to select the group > Configuration > Wireless > System > Loggin. 


Rafael del Cerro Flores
ACMP, ACCP, ACDX#324, ACCX#711
Occasional Contributor II

Re: Guest user traffic logging to syslog with Aruba Central

Hi Rafael and many thanks for your answer.

 

Are the APs under Central supposed to log user traffic (accessed URLs) ?

New Contributor

Re: Guest user traffic logging to syslog with Aruba Central

Hello,

 

did you found a solution for this problem? I´ve the same problem that we need to save the accessed URLs per Username.

 

Thank you

Martin

Occasional Contributor II

Re: Guest user traffic logging to syslog with Aruba Central

Unfortunately not... :(

Contributor II

Re: Guest user traffic logging to syslog with Aruba Central

No.

Access control by application filter. For this need is a web proxy.


|ATP FLEXNETWORK V3|ACSA
Highlighted
Moderator

Re: Guest user traffic logging to syslog with Aruba Central

If you want redirect all internet-facing traffic to a transparent proxy you can do it by configuring a dst-nat policy in the guest-role.

Something like this:

Screen Shot 2018-02-10 at 22.50.49.png

Hope this helps!

 

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)

Re: Guest user traffic logging to syslog with Aruba Central

URL VISIBILITY

(config) # url-visibility

 

This feature is best used along with ALE.

http://www.arubanetworks.com/products/networking/analytics/ale/


There is no visibility support on IAP as a standalone solution.

show log system, i.e. sent to syslog, will only show if the configuration changes have taken effect & will not show the URL.

 

URL visibility data from IAP is fed to ALE periodically; this URL data will be available on IAP (temporary) as part of CLI-cmd 'show url-visibility' till IAP posts to ALE.

IAP5# show url-visibility 

Client URL List

----------------
SrcIP DstIP URL URL Length HitCount
----- ----- --- ---------- --------
192.168.50.101 54.165.205.112 sync.adaptv.advertis... 133 1
192.168.50.101 107.20.222.31 tap.rubiconproject.c... 57 1
192.168.50.101 54.239.26.242 fls-na.amazon.com/1/... 180 1
192.168.50.101 54.230.144.111 ecx.images-amazon.co... 77 1
192.168.50.101 216.58.192.228 google.com 10 1
192.168.50.101 54.239.26.242 fls-na.amazon.com/1/... 273 1

 

IAP's full URL data is sent to ALE server not to the syslog server.

You can also use CLI command - 'show url-visibility verbose' to get the full/whole URL detail in the cache.


For any IAP deployment which needs client URL data visibility, it has to consume from ALE rest/pub-sub mechanism. 

 

One major thing to note here is that, we can only extract the full URL for HTTP traffic. For HTTPs, it is only the domain name, & not the full URL, which can be extracted from SNI field of client hello exchnage. With most major sites moving towards defaulting to HTTPs, the number of useful sites you can extract is going to come down. Obviously it is useful for retail analytics with sites like amazon, which still keeps the product search/view in HTTP and move to HTTPs only in payment processing, but a majority of google sites are HTTPs only if you are signed-in.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: