Network Management

Reply

Airwave external syslog no audit information only system?

I have finally gotten around to send syslogs from AIrwave to an external syslog server but what I am not seeing is the audit logs.

 

So what I see on my syslog is the following:
 

Jan 22 00:38:46 AMP (wips-aw-1)[29819]: Aruba Instant Virtual Controller CAT-GA-ATL-01555-VC1 Up#011System#011Device#011ID: 398#011Top > CAT - Atlantic Trust > CAT-GA-ATL-01555#011CAT-GA-ATL-01555
Jan 22 00:43:33 AMP (wips-aw-1)[24886]: Universal Network Device CAT-GA-ATL-01555-SW1 Configuration verification succeeded; configuration is good#011System#011Device#011ID: 401#011Top > CAT - Atlantic Trust > CAT-GA-ATL-01555#011CAT-GA-ATL-01555

 

But what I don't see is user actions that are recorded in the event log on AMP, they do not appear in the syslog. Example:
Wed Jan 22 08:30:45 2014     dmcmonitoring     System     Alert 'Device Down Device Type is Remote AP or Minutes Down Threshold >= 5 minutes for CIB-ON-MIS-04922-WAP1' acknowledged
Wed Jan 22 08:30:45 2014     dmcmonitoring     System     Alert 'Device Down Device Type is Remote AP or Minutes Down Threshold >= 5 minutes for CIB-ON-MIS-05432-WAP1' acknowledged          
 

It seems to only gather syslog information coming from System but not users performing actions on AMP.

 

My syslog is configured as such...
Capture.PNG

 

EDIT: also it seems as though not all messages are being captured...seems a bit slow.

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Airwave external syslog no audit information only system?

Anyone?
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Airwave external syslog no audit information only system?

TAC confirmed this is not possible currently within AMP.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Frequent Contributor II

Re: Airwave external syslog no audit information only system?

Does anyone know if this is possible now?


pmonardo wrote:
TAC confirmed this is not possible currently within AMP.

 

Aruba Employee

Re: Airwave external syslog no audit information only system?

Rosie,

 

We have user option in Audit trail drop down list, could you choose that option and click, send test message and check whether you are receivng Airwave user related events.

 

Capture(1).PNG

 

Regards,

Pavan

If my post address your query, give kudos:)

Frequent Contributor II

Re: Airwave external syslog no audit information only system?

Does this send GUI audit logs?

Aruba Employee

Re: Airwave external syslog no audit information only system?

Its should send the the entries of changes made by GUI user but I am not 100% sure, try set it to audit and send test message and check the status.

 

Regards,

Pavan

Frequent Contributor II

Re: Airwave external syslog no audit information only system?

I see audit logs but I am not seeing logins from the GUI.

 

Syslog is also being bombarded by the following:

 

 session opened for user igc by (uid=0)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: