Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Log users that access the controller

This thread has been viewed 8 times

  • 1.  Log users that access the controller

    Posted Nov 23, 2011 12:46 PM

    Hello,

     

    We just purchased a 3600 controller and 50+ APs. Multiple users will have access to the controller whether to create guest accounts, read-only accounts, or users that require admin privileges and I would like to know how can l capture any user that logs into the controller?

     

    From the CLI "audit-trail" shows the users that access the controller through the CLI but not the GUI

     

    If I access the controller from the GUI and go to "Debug>Process Logs" then I can see user failed attempts, lock outs and users that access the controller via the CLI, but not users that access the controller from the GUI.

     

    Most of the users if not all will be accessing the controller from the GUI, so I need a way to capture that information

     

     

    Thank you,


    #3600


  • 2.  RE: Log users that access the controller

    EMPLOYEE
    Posted Nov 23, 2011 02:38 PM

    Please try this :

     

    config t

    audit-trail all

     

    Nov 23 06:42:00  webui[1429]: USER:admin@192.168.1.198 COMMAND:<rf dot11g-radio-profile "default" arm-profile "default" > -- command executed successfully
Nov 23 06:42:08  webui[1429]: USER:admin@192.168.1.198 COMMAND:<write memory > -- command executed successfully
Nov 23 07:02:12  fpcli: USER: admin connected from 192.168.1.198 has logged out.
Nov 23 07:07:52  fpcli: USER: admin has logged in from 192.168.1.198.
Nov 23 07:25:13  fpcli: USER: admin connected from 192.168.1.198 has logged out.
Nov 23 08:45:11  webui[1429]: USER: admin has logged in from 192.168.1.198.
Nov 23 08:47:05  webui[1429]: USER:admin@192.168.1.198 COMMAND:<local-userdb modify username "employee1" role "guest" email " " mode enable expiry time "12/13/2011" "13:0" remote-ip "0.0.0.0" > -- command executed successfully
Nov 23 13:37:04  fpcli: USER: admin has logged in from 192.168.1.189.
Nov 23 13:37:15  fpcli: USER:admin@192.168.1.189 COMMAND:<show ip interface brief > -- command executed successfully
Nov 23 13:37:18  fpcli: USER:admin@192.168.1.189 COMMAND:<show ip route > -- command executed successfully
Nov 23 13:37:22  fpcli: USER:admin@192.168.1.189 COMMAND:<show logging level verbose > -- command executed successfully
Nov 23 13:37:25  fpcli: USER:admin@192.168.1.189 COMMAND:<show audit-trail 20 > -- command executed successfully
Nov 23 13:37:57  webui[1429]: USER: admin has logged in from 192.168.1.189.
Nov 23 13:38:01  fpcli: USER:admin@192.168.1.189 COMMAND:<show audit-trail 20 > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 no ip address > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 ip address dhcp-client > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 ip nat inside > -- command executed successfully
Nov 23 13:38:43  fpcli: USER:admin@192.168.1.189 COMMAND:<show audit-trail 20 > -- command executed successfully
Nov 23 13:38:44  webui[1429]: USER:admin@192.168.1.189 COMMAND:<write memory > -- command executed successfully

     



  • 3.  RE: Log users that access the controller

    Posted Nov 23, 2011 11:53 PM

    Try to configure syslog server then you can get all the logs in detail.



  • 4.  RE: Log users that access the controller

    Posted Nov 28, 2011 12:19 PM

    Thank you for the response. I enabled that command and I can see changes I make show up in "sho audit-trail", I just can see users that login using the GUI. If they login through the CLI then I can see that, but most of admins will log in through the GUI not the CLI.



  • 5.  RE: Log users that access the controller

    Posted Nov 28, 2011 03:10 PM

    You should also be able to see gui users. Next to the date it will say webui for those users.

     

    Nov 28 13:27:43 fpcli: USER: jenga has logged in from 192.168.1.86.
    Nov 28 13:27:57 fpcli: USER:jenga@192.168.1.86 COMMAND:<write memory > -- command executed successfully
    Nov 28 13:28:32 webui[1420]: USER: jenga has logged in from 192.168.1.86.






  • 6.  RE: Log users that access the controller

    Posted Apr 22, 2015 11:43 PM

    What does fpcli stands for?



  • 7.  RE: Log users that access the controller

    EMPLOYEE
    Posted Apr 23, 2015 12:01 AM

     That means the management user logged in from the commandline.