09-11-2014 10:36 AM
Do those messages get into syslog on Airwave, or just in the database?
If they're already going to Airwave Syslog, then the setting in AMP Setup called External Logging should help you out:
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
09-11-2014 10:42 AM
Thank you Matthew,
I can see the mesnsagens come to my external syslog, however I would like the AirWave send messages that he keeps in history as the IP of a user. Today he sends is only conversations between the parent company and our DHCP.
09-11-2014 02:01 PM
The existing external logging support is a forwarding of events with no added content and no further processing prior to forwarding. It sounds like you're looking for data post processing to include pre-existing data that connects the trail of activity. That's currently not available through the existing logging support, but would be a valuable feature request to make through the Ideas Portal.
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
09-11-2014 03:06 PM
Thank you for rgin response
Actually I could do what I wanted as follows.
Inside the controller was the tab "Configuration" and then "loggining" there pointed to my external server log indicating the "category" (user) and "severity" (notifications) as in figure "1" attached.
Soon after I went in and gave the CLI command "configure terminal" and then "logging level user notifications authmgr process" as I had read in an old post cjoseph and everything worked as I would like.
The output line that I hoped it was for my external syslog was exactly this:
Sep 11 18:50:11 2014 CWF-CS.cc0507 authmgr : <522008> <NOTI> <CWF-CS.cc0507 10.2.XX.XX> Successful User Authentication: username = P_119596 MAC = 64: b3: 10 : XX: XX: XX IP = 172.XX.XX.XXX ROLE_POS_CD_INTERNET role = VLAN = 353 AP = LAB-EN-02-INTERNET SSID = CD = AAA profile AAA_CD_INTERNET auth method = 802.1x auth server = RADIUS_PRI_CD_INTERNET
Thanks for everyone's help.
06-12-2017 02:46 AM
Why the Airwave doesn't forward the Syslog messages to External Logging server? What if the central logging (SIEM) is required to analyze security events being sent from Controllers to Airwave?