Network Management

Reply
Frequent Contributor I
Posts: 66
Registered: ‎02-18-2013

AirWave External Logging

Good morning everyone

Is it possible to send  the information "Client Association and VPN Session History" that are stored on Airwave to an external syslog?

 

Thx

MVP
Posts: 729
Registered: ‎12-01-2010

Re: AirWave External Logging

Do those messages get into syslog on Airwave, or just in the database?

 

If they're already going to Airwave Syslog, then the setting in AMP Setup called External Logging should help you out:

AirwaveExternalSyslog.PNG

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Frequent Contributor I
Posts: 66
Registered: ‎02-18-2013

Re: AirWave External Logging

Thank you Matthew,

I can see the mesnsagens come to my external syslog, however I would like the AirWave send messages that he keeps in history as the IP of a user. Today he sends is only conversations between the parent company and our DHCP.

 

thx

Frequent Contributor I
Posts: 66
Registered: ‎02-18-2013

Re: AirWave External Logging

What I would like to get is this in the message 

 

- Username

- MAC Address

- AP/Device

- SSID

- Connect Time

- Duration

- Device Type

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: AirWave External Logging

The existing external logging support is a forwarding of events with no added content and no further processing prior to forwarding.  It sounds like you're looking for data post processing to include pre-existing data that connects the trail of activity.  That's currently not available through the existing logging support, but would be a valuable feature request to make through the Ideas Portal.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Frequent Contributor I
Posts: 66
Registered: ‎02-18-2013

Re: AirWave External Logging

Thank you for rgin response

Actually I could do what I wanted as follows.
Inside the controller was the tab "Configuration" and then "loggining" there pointed to my external server log indicating the "category" (user) and "severity" (notifications) as in figure "1" attached.
Soon after I went in and gave the CLI command "configure terminal" and then "logging level user notifications authmgr process" as I had read in an old post cjoseph and everything worked as I would like.
The output line that I hoped it was for my external syslog was exactly this:
Sep 11 18:50:11 2014 CWF-CS.cc0507 authmgr [2054]: <522008> <NOTI> <CWF-CS.cc0507 10.2.XX.XX> Successful User Authentication: username = P_119596 MAC = 64: b3: 10 : XX: XX: XX IP = 172.XX.XX.XXX ROLE_POS_CD_INTERNET role = VLAN = 353 AP = LAB-EN-02-INTERNET SSID = CD = AAA profile AAA_CD_INTERNET auth method = 802.1x auth server = RADIUS_PRI_CD_INTERNET

Thanks for everyone's help.

New Contributor
Posts: 1
Registered: ‎03-15-2016

Re: AirWave External Logging

Why the Airwave doesn't forward the Syslog messages to External Logging server? What if the central logging (SIEM) is required to analyze security events being sent from Controllers to Airwave?

Aruba Employee
Posts: 508
Registered: ‎02-19-2015

Re: AirWave External Logging

Hi

 

We could export audit and events of Airwave to external syslog server, navigate to AMP Setup >General > Exteranal logging section.

 

Regards,

Pavan

Search Airheads
Showing results for 
Search instead for 
Did you mean: