Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

How to configure syslog setting on Aruba Controllers? 

Jul 14, 2014 10:51 AM

Why to configure Aruba controllers to send syslogs to an external server.
 
The internal storage capacity on an Aruba controller is limited. Therefore, it is recommended to forward important system messages to an external server for central processing and storage. Aruba controllers use the standard BSD syslog protocol (RFC-3164) to forward system messages to an external server.
To send syslogs to an external server, issue the following command in 'config' mode:
 
rtaImage.png
 
NOTE: The syslog protocol uses udp port 514, therefore, ensure that udp/514 is allowed between the controller and the syslog server. The source IP address of syslog messages is the IP address of the interface where the packet exits the controller. Multiple syslog servers can be defined.  In this case, multiple copies of syslog messages will be sent.

Each syslog message is tagged with a “facility” field. This field allows a syslog server receiving syslogs from multiple sources to process syslogs and save them in different files. Aruba controllers can be configured to use syslog facilities from local0 to local7.
 
The default facility sent by an Aruba controller is “local1”. To change the facility, enter the following configurations in config mode: 
 
rtaImage (1).png
 
 
Will tag all syslogs originating from Aruba controllers with facility = local7
 
The Aruba controller also tags each syslog message with a severity. The severities are listed here in descending order of criticality.
 
Numerical Code    Severity
 
      0           Emergency       system is unusable 
      1           Alert           action must be taken immediately 
      2           Critical        critical conditions 
      3           Error           error conditions 
      4           Warning         warning conditions 
      5           Notice          normal but significant condition 
      6           Informational   informational messages 
      7           Debug           debug-level messages 
 
By default, the logging level of Aruba controllers is set at “warning”. That is, all messages with severity from emergency to warning are logged and sent to the syslog server.
 
rtaImage (2).png
 
 
Furthermore, Aruba controllers group syslog messages into six categories: 

·  arm (after AOS 6.3.x)
·  network
·  security
·  system
·  user
·  wireless
 
The logging level of each category can be set individually.   
 
For example (from config mode): 
 
rtaImage (3).png
 
 
Any laptop/desktop can be a syslog server and it should be running syslog server "i.e. kiwi syslog service manager" to received syslog messages from Aruba Controller.

NOTE: Laptop/Desktop firewall should be turned off.

Below is the command to verify the above configuration:

rtaImage (4).png

Below is the command to verify the facility level.

rtaImage (5).png

Below is the command to verify current logging level (default all is warning as shown above):

rtaImage (6).png

 
 
 

Statistics
0 Favorited
47 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.