Wireless Access

Reply
Occasional Contributor II
Posts: 16
Registered: ‎08-31-2010

Logging user authentication success/failure

 

on 6.1.3.2

 

We used to get log messages indicating user authentication success/failure from our controllers.  At some point in the past this stopped, and I need to figure out how to restart it.  I figured it would be easy, but the Aruba manual entry on logging is singularly unhelpful in telling you what gets logged inside what category.

 

I know the messages used to come with the "authmgr" tag on them and I found this COD from 2010

 

COD for logging auths

 

However I have not been able to get logging configured so that a "show log user 100" shows me users authenticating.  Lots of messages sure, but not the ones I need.

 

# show logging level verbose

LOGGING LEVELS
--------------
Facility  Level      Sub Category  Process
--------  -----      ------------  -------
network   warnings   N/A           N/A
security  warnings   N/A           N/A
security  debugging  N/A           authmgr
system    warnings   N/A           N/A
user      warnings   N/A           N/A
wireless  warnings   N/A           N/A

 

This config doesn't appear to work.  I'm checking first on the controller, not just on the syslog server.

 

The messages I want used to look like this :

 

Oct 8 06:34:48 example.com 2010 [128.143.222.18] authmgr[1742]: <522008> |authmgr| User authenticated: Name=zzzzz MAC=00:00:00:00:00:00 IP=x.x.x.x method=802.1x server=radius-server role=defintely-authenticated

 

Anyone else have user auth logging set up and want to share their logging statements, or does this work for everyone else and I need to open a TAC case to investigate....

 

Thanks

Jeff

 

 

Guru Elite
Posts: 21,272
Registered: ‎03-29-2007

Re: Logging user authentication success/failure

Try this:

 

(you want show log security 50)

 

(host) #show logging level verbose 

LOGGING LEVELS
--------------
Facility  Level     Sub Category  Process
--------  -----     ------------  -------
network   warnings  N/A           N/A
security  warnings  N/A           N/A
system    warnings  N/A           N/A
user      warnings  N/A           N/A
wireless  warnings  N/A           N/A

(host) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(host) (config) #logging level debugging security process authmgr 
(host) (config) #exit
(host) #show log security 50

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎08-31-2010

Re: Logging user authentication success/failure

Thanks

 

Yes that gives me the logs for authmgr.  Apparently somewhere in the 6.x upgrade from 5.x, the logging messages changed because even setting the severity to DEBUG doesn't produces the "User Authenticated" messages we saw previously.  

 

I found something sort of similar at the INFO level, but the verbosity of the logs on a busy controller at INFO is voluminous.  450+ messages/minute.  

 

Its too bad becasue we had support staff trained to look in log dumps for those messages to help diagnose problems.

 

 

 

 

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: