09-26-2016 09:30 AM
I am attempting to send syslogs from an Aruba Mobility 7210 controller to a central syslog server running Linux rSyslog. All of my other devices are showing up on that syslog server with dynamic directories based on the Hostname of the device, except the Aruba Controller. The Aruba controller is just creating a directory of the current year (2016)
My syslog server is configured to create dynamic directories with these variables:
So the Aruba controller ends up creating a directory like this:
I do have an actual hostname configured on the Aruba Controller, so why is it not passing this information along to the syslog server? I would be thinkning this would be a problem with the syslog server, except that my other devices are working fine, only the Aruba is showing up wrong.
Anything I can do here to fix this?
Solved! Go to Solution.
09-26-2016 04:44 PM
I suspect your rsyslog implementation is expecting a different format syslog message than Aruba is sending. Here's a syslog from one of my controllers (091aw009 is the hostname)
Sep 26 00:35:25 2016 092aw009 stm: <501097> <WARN> <092aw009 10.30.16.9> Assoc request: e8:3a:12:ac:01:3d: Dropped AP 10.30.16.245-04:bd:88:be:60:81-092-ap-046 for STA DoS protection
Note that Aruba adds the year where many devices do not. You may have to tell rsyslog how to handle multiple formats.
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
09-27-2016 08:30 AM
How do you have your Aruba hostname configured? Nothing special, just the standard hostname from the Management>SNMP section?
I will look into different formats that the rSyslog server might be able to understand.