Command of the Day

Reply
Guru Elite

COTD: Improved Logging in ArubaOS : Show Log user

Administrators would like to be able to track who is logging into their networks and find out what time, what server, which mac address, ip address, authentication type, username and what role the user is assigned. Starting in ArubaOS 3.3.2.8, all that information is on a single line. You first need to ensure that user logging is on with level "informational":

config t
logging level informational user
exit

The specific message# that logs messages is 522008 so you would just grep for them using the 'include' parameter for the text 522008 on the commandline, or just search for that string in your syslogs on your server:

show log user all | include 522008
(Aruba-1.TESTDOMAIN.com) #show log user all | include 522008
Jan 4 09:41:27 :522008: |authmgr| User authenticated: Name=bcollins MAC=00:1c:b3:bc:77:ff IP=172.16.219.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:41:45 :522008: |authmgr| User authenticated: Name=bcollins MAC=00:1c:b3:bc:77:ff IP=172.16.113.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:41:48 :522008: |authmgr| User authenticated: Name=bchildress MAC=00:1b:63:f0:42:38 IP=172.16.171.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:42:20 :522008: |authmgr| User authenticated: Name=bchildress MAC=00:1b:63:f0:42:38 IP=172.16.65.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:44:58 :522008: |authmgr| User authenticated: Name=rbradshaw MAC=00:14:a4:27:fb:18 IP=192.168.231.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:45:05 :522008: |authmgr| User authenticated: Name=rbradshaw MAC=00:14:a4:27:fb:18 IP=192.168.233.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:46:02 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\apetersen MAC=00:19:7e:66:93:e3 IP=192.168.198.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:46:16 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\apetersen MAC=00:19:7e:66:93:e3 IP=192.168.248.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:50:31 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\mcarr MAC=00:19:7e:30:d7:3e IP=192.168.88.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:51:39 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\mcarr MAC=00:19:7e:30:d7:3e IP=192.168.125.1 method=802.1x server=IAS-Radius1 role=testdomain-employee

If you only wanted information on a particular user's mac address, you would do a 'show log' including ONLY the user's mac address like so:

show log user all | include 00:1c:b3:bc:77:ff
Happy Holidays!


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

message

Collin - is there documentation on these message numbers?

LP
Guru Elite

Messge Numbers


Collin - is there documentation on these message numbers?

LP




Luca,

Technical publications is coming out with a document soon. With the advent of ArubaOS 3.4, I can only imagine the number of new messages that need to be documented. Please stay tuned.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: