Network Management

Hey all -

I'm running aruba controllers (v6.4.3.7), clearpass (v6.5.5.78974) and airwave version (8.2.0.3)

I have syslog messages going to an external server and have searched those logs for the ip addresses and dont see them at all.

I'm needing to pull information for any connections that happened between a particular date from some external IP addresses - so far I have been unable to find anything in any of these systems that records the external IP address of systems that are connecting.

Is there a way to find that information?

Any assistance is appreciated.

Thank you!

Gerri

Session logging is not enabled by default and would not end up in any logs in ArubaOS or Clearpass without configuration:  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ip_access_list_session.htm?Highlight=session log

Thank you Colin -

so if I read this correctly I need to add the log option to the acl?

Just not sure which ACl it should be added to - or just put it on all of them? I currently have it on 1 but it doesn't log the external IP address of the client connecting - only the internal.

It depends on the type of traffic you are trying to track.  If it is http, you put it on your ACL that allows http.

In the end, if you have a dedicated device doing NAT translation, that is the best device to do your logging.