Security

Reply
New Contributor

Guest User to MAC/IP syslog entry

So for audit reasons, we need syslog to have at the very least what guest is mapped to what MAC or IP (either will do, because we have dhcp logs to verify the MAC to IP mappings).  We do have syslog setup but I think the syslog filters aren't right, we don't see anything that would map the guest to a session or MAC/IP.

 

We don't really need any more than this, is there a syslog entry that will just syslog when the user authenticates (like a radius audit)?  I realize it can be had on the servers themselves but we need to use syslog to both pass along audit info to other services and so we can source the traffic in the more distant past than the clearpass allows.

 

 

Guru Elite

Re: Guest User to MAC/IP syslog entry

The article here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/3823 might provide some information.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite

Re: Guest User to MAC/IP syslog entry

To be succint, here is how I get that information:

 

show log all | include Successful


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Guest User to MAC/IP syslog entry

While that might work, that isn't using syslog. That means I have to get on the system and do something, I am talking just persuing syslog entries that are stored offline.

Highlighted
Guru Elite

Re: Guest User to MAC/IP syslog entry

You could grep syslog for "Successful".  You would have to syslog the security and user logs with the level of "notifications" however.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Guest User to MAC/IP syslog entry

Yes, I will try that.

thanks.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: