The Aruba and LogRhythm community sites are rather sparse on what to set up from an external logging perspective to get the most effective use out of logs as it pertains to Mobility Controllers, so thought I would query the community to see if anyone has tackled this already and has suggestions.
I'm looking for information to meet our Cybersecurity monitoring needs, so Rogues and Suspected Rogue Classifications, Match Methods, etc., and other data that may be helpful from an alerting or correlation with other log sources.
I will also be looking to gather data from AirWave, but there are specific fields, such as "Match-Method", that exist on the controller and have a placeholder in AirWave, but this data does not get transmitted between the systems (no idea why??).
We are parsing auth data from ClearPass, but looking into these other log sources to paint a more complete picture.
Any thoughts or suggestions are welcome.
Thanks,
GL