Controller Based WLANs

How to configure syslog setting on Aruba Controllers?

by on ‎07-14-2014 07:51 AM
Why to configure Aruba controllers to send syslogs to an external server.
The internal storage capacity on an Aruba controller is limited. Therefore, it is recommended to forward important system messages to an external server for central processing and storage. Aruba controllers use the standard BSD syslog protocol (RFC-3164) to forward system messages to an external server.
To send syslogs to an external server, issue the following command in 'config' mode:
NOTE: The syslog protocol uses udp port 514, therefore, ensure that udp/514 is allowed between the controller and the syslog server. The source IP address of syslog messages is the IP address of the interface where the packet exits the controller. Multiple syslog servers can be defined.  In this case, multiple copies of syslog messages will be sent.

Each syslog message is tagged with a “facility” field. This field allows a syslog server receiving syslogs from multiple sources to process syslogs and save them in different files. Aruba controllers can be configured to use syslog facilities from local0 to local7.

The default facility sent by an Aruba controller is “local1”. To change the facility, enter the following configurations in config mode: 
rtaImage (1).png
Will tag all syslogs originating from Aruba controllers with facility = local7
The Aruba controller also tags each syslog message with a severity. The severities are listed here in descending order of criticality.
Numerical Code    Severity
      0           Emergency       system is unusable 
      1           Alert           action must be taken immediately 
      2           Critical        critical conditions 
      3           Error           error conditions 
      4           Warning         warning conditions 
      5           Notice          normal but significant condition 
      6           Informational   informational messages 
      7           Debug           debug-level messages 
By default, the logging level of Aruba controllers is set at “warning”. That is, all messages with severity from emergency to warning are logged and sent to the syslog server.
rtaImage (2).png
Furthermore, Aruba controllers group syslog messages into six categories: 

·  arm (after AOS 6.3.x)
·  network
·  security
·  system
·  user
·  wireless
The logging level of each category can be set individually.   
For example (from config mode): 
rtaImage (3).png
Any laptop/desktop can be a syslog server and it should be running syslog server "i.e. kiwi syslog service manager" to received syslog messages from Aruba Controller.

NOTE: Laptop/Desktop firewall should be turned off.

Below is the command to verify the above configuration:

rtaImage (4).png

Below is the command to verify the facility level.

rtaImage (5).png

Below is the command to verify current logging level (default all is warning as shown above):

rtaImage (6).png


Hi, my controller is set with this  configuration:


# show logging level verbose

Facility Level Sub Category Process
-------- ----- ------------ -------
network warnings N/A N/A
security informational N/A N/A
security debugging N/A authmgr
security informational aaa N/A
security debugging dot1x N/A
security warnings ids N/A
security warnings ids-ap N/A
system warnings N/A N/A
user informational N/A N/A
user debugging dot1x N/A
wireless warnings N/A N/A


# show logging server

Remote Server:

local-facility severity remote-facility
-------------- -------- ---------------
user warnings local1
security warnings local1


Why my syslog server is receiving logs with the tag <NOTI> if the severity is set for WARN?

Hi Jose,


This would need some investigation from TAC. Would it be possible to open a TAC case so we can work with you and identify the root cause.






Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.