Occasional Contributor II
Posts: 13
Registered: ‎12-26-2013

Can I get only some syslog data by filtering certain words to logging in Airwave with device base?

Hi,

I want to log some syslog data from a firewall in Airwave. When I configured syslog on the firewall, too many logs came to Airwave. If I log all of this syslog data from the firewall in Airwave, the disk capacity will not be enough within a few days. If I change the syslog severity on the firewall to a higher level (from information to notification), the logs I want do not come. Is it possible to filter incoming syslog data by words in Airwave on a per-device basis?

Thanks in advance.

Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

Yes. This is possible. You can search on the message context in the event viewer but, more effectively, you can set up triggers to email or alert based on conditions you yourself set in Airwave.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

Here is an example:

[Image: Screenshot 2015-08-12 12.42.45.png]

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
Occasional Contributor II
Posts: 13
Registered: ‎12-26-2013

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

Hi Seth,
Thanks for your reply. I think that to use this trigger, the syslog data must first come to Airwave. But too much useless data is coming to Airwave and consuming the disk quickly. Because of this, I don't want to save all the syslog data coming from the firewall. Is there a way to filter incoming syslog data before it is saved in Airwave?
Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

No, there is no way to filter that out after it's received in Airwave. However, syslog doesn't consume a ton of space.
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
Occasional Contributor II
Posts: 13
Registered: ‎12-26-2013

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

When I activated syslog with the proper lowest severity, about 2k logs a minute are coming, even though I turned off other features.
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

Is there a specific message that you are looking for? It is probably better to set up the controller to send the SNMP trap equivalent for what you are looking for to Airwave and to send syslog to another device, if you are getting so many syslog messages. https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=14097

 

If you know what specific message and severity you are looking for, you can send only syslog for that severity for the specific train of messages you are looking for.  For example, if the message you are receiving is only in "system" and is "informational", you can do this:

 

config t
logging 192.168.1.3 type system severity informational

 

If you must send syslog to Airwave, you can also limit the days of stored device events by changing the data retention number:

[Image: devents.png]

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
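The thread's suggestion to send syslog to another device can be paired with a severity and keyword filter on that device, so only the wanted messages are relayed onward. The following is an added example, not code from the thread or from Aruba or Fortinet; the keyword lists, the sample messages and the function names are assumptions made for illustration.

```python
import re
import socket

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
MAX_SEVERITY = 6                        # 6 = informational; larger = less severe
KEEP_WORDS = ("vpn", "login")           # assumed words of interest
DROP_WORDS = ("dhcp",)                  # assumed noise to discard

# Constructed sample messages in a key=value style; not captured from a device.
SAMPLE = [
    '<190>devname=FW1 type=event level=information msg="DHCP server sends a DHCPACK"',
    '<190>devname=FW1 type=event level=information msg="SSL VPN tunnel up"',
    '<188>devname=FW1 type=event level=warning msg="Admin login failed"',
    '<191>devname=FW1 type=event level=debug msg="vpn keepalive"',
    'no priority header, login attempt',
]

def parse_pri(line):
    """Split '<PRI>rest' into (facility, severity, rest); None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # PRI = facility*8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)

def should_forward(line):
    parsed = parse_pri(line)
    if parsed is None:
        return False                     # unparseable input is not relayed
    _, severity, body = parsed
    text = body.lower()
    if severity > MAX_SEVERITY or any(w in text for w in DROP_WORDS):
        return False
    return any(w in text for w in KEEP_WORDS)

def filter_stream(lines):
    return [line for line in lines if should_forward(line)]

def relay(lines, host, port=514):
    """Send the surviving messages to the collector over UDP syslog."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in filter_stream(lines):
            s.sendto(line.encode("utf-8"), (host, port))

if __name__ == "__main__":
    for kept in filter_stream(SAMPLE):
        print(kept)
```

Messages dropped by the filter are gone for good, so keep the unfiltered stream on the relay host or another collector if it may be needed for later investigation.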

Occasional Contributor II
Posts: 13
Registered: ‎12-26-2013

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

Hi Colin,

Thank you for your detailed explanation. I tried this way. The source device is a Fortigate firewall. I configured SNMP traps with all sections on the Fortigate.

[Image: forti-snmp.PNG]

But all I can see in Airwave is the logs below.

[Image: airwave-snmp.PNG]

 

 

Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

That looks like Fortigate's screen for just SNMP traps. Is there a screen for syslog? Airwave does not have Fortigate's MIB to interpret those traps, so it probably does not make sense to send any traps to Airwave, because they will not be interpreted correctly. See if you can find the syslog configuration screen.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 13
Registered: ‎12-26-2013

Re: Can I get only some syslog data by filtering certain words to logging in Airwave with device bas

When I set the syslog severity to inf. like below, useful logs are coming, but too many unnecessary logs are coming too, such as DHCP logs for 1k users.

[Image: forti-syslog.PNG]

[Image: airwave-syslog.PNG]

 

 

 

 
