Network Management

Reply
Frequent Contributor I
Posts: 116
Registered: ‎08-07-2013

Controller/Airwave Audit-trail Logins

I'm looking to generate a report from Airwave or a trigger option to collect administrative logins to the Airwave server as well as to the Controller. Is this possible using Airwave or direct from the controller?

 

I can run #show audit-trail login manually but would prefer an automated solution especially since I can only use a single output modifier from CLI.

MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: Controller/Airwave Audit-trail Logins

You can potentially use this :

 

2013-11-05 10_50_38-__129.64.8.73_c$_Users_vfabian_Desktop_2013-11-04 10_22_40-Edit scheduled activi.png

 

2013-11-04 10_22_40-Edit scheduled activity details.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,182
Registered: ‎09-08-2010

Re: Controller/Airwave Audit-trail Logins

[ Edited ]

Are you using TACACS? (ClearPass)

 

TACACS accounting will log all commands if configured:

 

original.png

 

show-stacking.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 116
Registered: ‎08-07-2013

Re: Controller/Airwave Audit-trail Logins


victorfabian wrote:

You can potentially use this :

 

2013-11-05 10_50_38-__129.64.8.73_c$_Users_vfabian_Desktop_2013-11-04 10_22_40-Edit scheduled activi.png

 

2013-11-04 10_22_40-Edit scheduled activity details.png


This pointed me a good direction for the controller. Do you know of a similar command on the airwave CLI that would get me info for the GUI? I'm sure I can pull CLI info from a log file somewhere.

MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: Controller/Airwave Audit-trail Logins

[ Edited ]

 

I don't see this available on the list of commands you can run from AIrwave 

amp1_2013-11-06_13-14-17.png

 

I can't see it from the trap list either

 

SNMP TRAP LIST
--------------
TRAP-NAME                                  CONFIGURABLE  ENABLE-STATE
---------                                  ------------  ------------
authenticationFailure                      Yes           Enabled
coldStart                                  Yes           Enabled
linkDown                                   Yes           Enabled
linkUp                                     Yes           Enabled
warmStart                                  Yes           Enabled
wlsxAPBssidEntryChanged                    Yes           Enabled
wlsxAPChannelChange                        Yes           Enabled
wlsxAPDeauthContainment                    Yes           Enabled
wlsxAPEntryChanged                         Yes           Enabled
wlsxAPImpersonation                        Yes           Enabled
wlsxAPInterferenceCleared                  Yes           Enabled
wlsxAPInterferenceDetected                 Yes           Enabled
wlsxAPModeChange                           Yes           Enabled
wlsxAPNumColdStarts                        Yes           Enabled
wlsxAPNumDown                              Yes           Enabled
wlsxAPNumRadioDown                         Yes           Enabled
wlsxAPNumUpgradeFailure                    Yes           Enabled
wlsxAPNumWarmStarts                        Yes           Enabled
wlsxAPPowerChange                          Yes           Enabled
wlsxAPRadioAttributesChanged               Yes           Enabled
wlsxAPRadioEntryChanged                    Yes           Enabled
wlsxAPSpoofingDetected                     Yes           Enabled
wlsxAPTaggedWiredContainment               Yes           Enabled
wlsxAPWiredContainment                     Yes           Enabled
wlsxAccessPointIsDown                      Yes           Enabled
wlsxAccessPointIsUp                        Yes           Enabled
wlsxAdhocNetwork                           Yes           Enabled
wlsxAdhocNetworkBridgeDetected             Yes           Enabled
wlsxAdhocNetworkBridgeDetectedAP           Yes           Enabled
wlsxAdhocNetworkBridgeDetectedSta          Yes           Enabled
wlsxAdhocNetworkDetected                   Yes           Enabled
wlsxAdhocNetworkRemoved                    Yes           Enabled
wlsxAdhocUsingValidSSID                    Yes           Enabled
wlsxApFloodAttack                          Yes           Enabled
wlsxAuthMaxAclEntries                      Yes           Enabled
wlsxAuthMaxBWContracts                     Yes           Enabled
wlsxAuthMaxUserEntries                     Yes           Enabled
wlsxAuthServerIsUp                         Yes           Enabled
wlsxAuthServerReqTimedOut                  Yes           Enabled
wlsxAuthServerTimedOut                     Yes           Enabled
wlsxBSSIDIsDown                            Yes           Enabled
wlsxBSSIDIsUp                              Yes           Enabled
wlsxBlockAckAttackDetected                 Yes           Enabled

 

This could be a feature request :

 

https://arubanetworkskb.secure.force.com/cp/ideas/ideaList.apexp

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: