New Contributor
Posts: 2
Registered: ‎11-23-2011

Log users that access the controller

Hello,

We just purchased a 3600 controller and 50+ APs. Multiple users will have access to the controller, whether to create guest accounts, read-only accounts, or users that require admin privileges, and I would like to know how I can capture any user that logs into the controller.

From the CLI, "audit-trail" shows the users that access the controller through the CLI but not the GUI.

If I access the controller from the GUI and go to "Debug>Process Logs" then I can see user failed attempts, lockouts and users that access the controller via the CLI, but not users that access the controller from the GUI.

Most of the users, if not all, will be accessing the controller from the GUI, so I need a way to capture that information.

Thank you,

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: Log users that access the controller


Please try this:

config t
audit-trail all


Nov 23 06:42:00  webui[1429]: USER:admin@192.168.1.198 COMMAND:<rf dot11g-radio-profile "default" arm-profile "default" > -- command executed successfully
Nov 23 06:42:08  webui[1429]: USER:admin@192.168.1.198 COMMAND:<write memory > -- command executed successfully
Nov 23 07:02:12  fpcli: USER: admin connected from 192.168.1.198 has logged out.
Nov 23 07:07:52  fpcli: USER: admin has logged in from 192.168.1.198.
Nov 23 07:25:13  fpcli: USER: admin connected from 192.168.1.198 has logged out.
Nov 23 08:45:11  webui[1429]: USER: admin has logged in from 192.168.1.198.
Nov 23 08:47:05  webui[1429]: USER:admin@192.168.1.198 COMMAND:<local-userdb modify username "employee1" role "guest" email " " mode enable expiry time "12/13/2011" "13:0" remote-ip "0.0.0.0" > -- command executed successfully
Nov 23 13:37:04  fpcli: USER: admin has logged in from 192.168.1.189.
Nov 23 13:37:15  fpcli: USER:admin@192.168.1.189 COMMAND:<show ip interface brief > -- command executed successfully
Nov 23 13:37:18  fpcli: USER:admin@192.168.1.189 COMMAND:<show ip route > -- command executed successfully
Nov 23 13:37:22  fpcli: USER:admin@192.168.1.189 COMMAND:<show logging level verbose > -- command executed successfully
Nov 23 13:37:25  fpcli: USER:admin@192.168.1.189 COMMAND:<show audit-trail 20 > -- command executed successfully
Nov 23 13:37:57  webui[1429]: USER: admin has logged in from 192.168.1.189.
Nov 23 13:38:01  fpcli: USER:admin@192.168.1.189 COMMAND:<show audit-trail 20 > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 no ip address > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 ip address dhcp-client > -- command executed successfully
Nov 23 13:38:37  webui[1429]: USER:admin@192.168.1.189 COMMAND:<interface vlan 5 ip nat inside > -- command executed successfully
Nov 23 13:38:43  fpcli: USER:admin@192.168.1.189 COMMAND:<show audit-trail 20 > -- command executed successfully
Nov 23 13:38:44  webui[1429]: USER:admin@192.168.1.189 COMMAND:<write memory > -- command executed successfully

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Re: Log users that access the controller

Try configuring a syslog server; then you can get all the logs in detail.

New Contributor
Posts: 2
Registered: ‎11-23-2011

Re: Log users that access the controller

Thank you for the response. I enabled that command and I can see changes I make show up in "sho audit-trail"; I just can't see users that log in using the GUI. If they log in through the CLI then I can see that, but most of the admins will log in through the GUI, not the CLI.

Aruba Employee
Posts: 77
Registered: ‎04-11-2007

Re: Log users that access the controller

You should also be able to see GUI users. Next to the date it will say webui for those users.

 

Nov 28 13:27:43 fpcli: USER: jenga has logged in from 192.168.1.86.
Nov 28 13:27:57 fpcli: USER:jenga@192.168.1.86 COMMAND:<write memory > -- command executed successfully
Nov 28 13:28:32 webui[1420]: USER: jenga has logged in from 192.168.1.86.




Frequent Contributor I
Posts: 73
Registered: ‎05-27-2009

Re: Log users that access the controller

What does fpcli stand for?

"If there's a will, there's a way."
Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: Log users that access the controller

That means the management user logged in from the command line.



Colin Joseph
Aruba Customer Engineering
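
Added example (not part of any post in this thread and not Aruba code): a small parser for audit-trail lines in the format quoted above, which separates GUI logins (webui) from CLI logins (fpcli) as the replies describe. The sample lines, user names and 192.0.2.x addresses are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the audit-trail format shown in this thread
# (user names and addresses are made up; 192.0.2.0/24 is a documentation range).
SAMPLE = """\
Nov 23 07:07:52  fpcli: USER: alice has logged in from 192.0.2.10.
Nov 23 07:08:03  fpcli: USER:alice@192.0.2.10 COMMAND:<show ip route > -- command executed successfully
Nov 23 07:25:13  fpcli: USER: alice connected from 192.0.2.10 has logged out.
Nov 23 08:45:11  webui[1429]: USER: bob has logged in from 192.0.2.20.
Nov 23 08:47:05  webui[1429]: USER:bob@192.0.2.20 COMMAND:<write memory > -- command executed successfully
this line is not an audit record
"""

PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<proc>webui|fpcli)(?:\[\d+\])?:\s+(?P<rest>.*)$")
LOGIN = re.compile(r"^USER:\s*(?P<user>\S+) has logged in from (?P<ip>[\d.]+?)\.?$")
LOGOUT = re.compile(r"^USER:\s*(?P<user>\S+) connected from (?P<ip>[\d.]+) has logged out\.?$")
COMMAND = re.compile(r"^USER:(?P<user>[^@\s]+)@(?P<ip>[\d.]+) COMMAND:<(?P<cmd>.*?)\s*> -- (?P<result>.*)$")
INTERFACE = {"webui": "GUI", "fpcli": "CLI"}  # mapping as explained in the replies

def parse_line(line):
    """Return a dict for a login, logout or command record, or None if unrecognised."""
    m = PREFIX.match(line.rstrip())
    if not m:
        return None
    for kind, rx in (("login", LOGIN), ("logout", LOGOUT), ("command", COMMAND)):
        ev = rx.match(m["rest"])
        if ev:
            return {"time": m["ts"], "interface": INTERFACE[m["proc"]], "event": kind, **ev.groupdict()}
    return None

def logins_by_interface(text):
    """Group login events as {"GUI": [(time, user, ip), ...], "CLI": [...]}."""
    out = defaultdict(list)
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["event"] == "login":
            out[ev["interface"]].append((ev["time"], ev["user"], ev["ip"]))
    return dict(out)

if __name__ == "__main__":
    for iface, rows in logins_by_interface(SAMPLE).items():
        for ts, user, ip in rows:
            print(f"{iface} login: {user} from {ip} at {ts}")
```

The same functions can be pointed at the text a syslog server collects from the controller, provided the lines keep this layout.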
