Security

Reply
New Contributor

Guest User to MAC/IP syslog entry

So for audit reasons, we need syslog to have at the very least what guest is mapped to what MAC or IP (either will do, because we have dhcp logs to verify the MAC to IP mappings).  We do have syslog setup but I think the syslog filters aren't right, we don't see anything that would map the guest to a session or MAC/IP.

 

We don't really need any more than this, is there a syslog entry that will just syslog when the user authenticates (like a radius audit)?  I realize it can be had on the servers themselves but we need to use syslog to both pass along audit info to other services and so we can source the traffic in the more distant past than the clearpass allows.

 

 

Guru Elite

Re: Guest User to MAC/IP syslog entry

The article here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/3823 might provide some information.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Guru Elite

Re: Guest User to MAC/IP syslog entry

To be succint, here is how I get that information:

 

show log all | include Successful
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
New Contributor

Re: Guest User to MAC/IP syslog entry

While that might work, that isn't using syslog. That means I have to get on the system and do something, I am talking just persuing syslog entries that are stored offline.

Guru Elite

Re: Guest User to MAC/IP syslog entry

You could grep syslog for "Successful".  You would have to syslog the security and user logs with the level of "notifications" however.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
New Contributor

Re: Guest User to MAC/IP syslog entry

Yes, I will try that.

thanks.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: