Wireless Access

last person joined: 19 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Syslog timestamp

This thread has been viewed 7 times

  • 1.  Syslog timestamp

    Posted Jul 06, 2012 04:41 PM

    I searched for "syslog time stamp" (without the quotes) and find only this post on the forums.

     

    The answer from Aruba in Dec 2010 was that it was only recommended in the RFC to include a timestamp - I see timestamps in my log buffer on ther controller but nothing on my syslog server.  Anyone know if this has been changed (yet)?  I don't see an obvious way to fix it.

     

    Also, when I do "show log all" I get what seems to be the different log categories, each in order, but overall the timestamps jump all over the place, and I don't see a way to show the log in time sequence.  Is this correct, can't do it?

     

    Thanks.

     

    Paul



  • 2.  RE: Syslog timestamp

    Posted Jul 07, 2012 03:20 AM

    Hello Paul,

     

    Can you please provide us with a screen-shots from the syslog and MC log buffer. 

     

    Is there any options associated with your syslog server ? have you tried your syslog server with other equipments like cisco/junipor and it is showing timestamp with no problems ?

     

    Regards,

    Abi



  • 3.  RE: Syslog timestamp

    Posted Jul 09, 2012 07:39 PM

    So, here is a portion of the output from >show log all | begin "Jul  9 16:"<

     

    Jul 9 16:30:22 authmgr[1531]: <522044> <INFO> |authmgr| MAC=f0:cb:a1:62:98:e0 Station authenticate(start): method=802.1x, role=logon//, VLAN=143/143/0/0/0, Derivation=0/0, Value Pair=1
    Jul 9 16:30:22 authmgr[1531]: <522049> <INFO> |authmgr| MAC=f0:cb:a1:62:98:e0,IP=0.0.0.0 User role updated, existing Role=logon/none, new Role=UsrRole-WBSN-Emp1/none, reason=Station Authenticated with auth type: 4
    Jul 9 16:30:23 authmgr[1531]: <522036> <INFO> |authmgr| MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
    Jul 9 16:30:23 mobileip[1537]: <500010> <NOTI> |mobileip| Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
    Jul 9 16:30:23 stm[1300]: <501080> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Denied: AP Ageout
    Jul 9 16:30:23 stm[1300]: <501102> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
    Jul 9 16:30:23 stm[1300]: <501106> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT handle_sapcp
    Jul 9 16:30:23 stm[1532]: <501044> <NOTI> |stm| Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:6f:93 on AP Test-AP-PT
    Jul 9 16:30:23 stm[1532]: <501102> <NOTI> |stm| Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
    Jul 9 16:30:23 stm[1532]: <501114> <NOTI> |stm| Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason 255
    Jul 9 16:30:25 authmgr[1531]: <522035> <INFO> |authmgr| MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
    Jul 9 16:30:25 mobileip[1537]: <500010> <NOTI> |mobileip| Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
    Jul 9 16:30:25 stm[1300]: <501093> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    Jul 9 16:30:25 stm[1300]: <501095> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Assoc request @ 16:30:25.856463: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    Jul 9 16:30:25 stm[1300]: <501100> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Assoc success @ 16:30:25.857612: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    Jul 9 16:30:25 stm[1300]: <501109> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT auth_alg 0
    Jul 9 16:30:25 stm[1532]: <501095> <NOTI> |stm| Assoc request @ 16:30:25.861521: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    Jul 9 16:30:25 stm[1532]: <501100> <NOTI> |stm| Assoc success @ 16:30:25.865616: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    Jul 9 16:30:25 wms[1519]: <316095> <INFO> |wms| Ageing STA 00:23:14:f4:fb:b4
    Jul 9 16:30:25 wms[1519]: <316095> <INFO> |wms| Ageing STA d0:23:db:4e:a6:e3
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC 00:23:14:f4:fb:b4 Monitor d8:c7:c8:c9:76:f9
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC 00:23:14:f4:fb:b4 Monitor d8:c7:c8:c9:76:fb
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:da
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:f8
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:fb
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:77:06
    Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:77:17
    Jul 9 16:30:29 stm[1532]: <400192> <NOTI> |stm| STA 6d:a0:82:11:00:0f at AP 10.64.6.17-d8:c7:c8:17:6d:a0-wsdap24-2-06 5GHz capable.
    Jun 7 15:01:52 packetfilter[1381]: PAPI_Send: sendto Configuration Manager failed: No such file or directory Message Code 0 Sequence Num is 2
    Jun 7 15:01:53 certmgr[1382]: PAPI_Send: sendto Publisher failed: No such file or directory Message Code 11000 Sequence Num is 2
    Jun 7 15:01:53 certmgr[1382]: PAPI_Send: sendto Syslog Manager failed: No such file or directory Message Code 0 Sequence Num is 3
    Jun 7 15:01:54 cfgm[1424]: PAPI_Send: sendto License Manager failed: No such file or directory Message Code 0 Sequence Num is 2
    Jun 7 15:01:54 syslogdwrap[1436]: PAPI_Send: sendto ESI failed: No such file or directory Message Code 2001 Sequence Num is 2
    Jun 7 15:01:55 aaa[1468]: PAPI_Send: sendto User Database Server failed: No such file or directory Message Code 0 Sequence Num is 3
    Jun 7 15:01:55 fpapps[1507]: PAPI_Send: sendto License Manager failed: No such file or directory Message Code 0 Sequence Num is 13
    Jun 7 15:01:56 wms[1522]: PAPI_Init: timeout of 0 specified set to default 100 millisec.
    Jun 7 15:02:00 aaa[1468]: PAPI_Send: To: 7f000001:8344 Type:0x4 Timed out.
    Jun 7 15:02:00 syslogdwrap[1436]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
    Jun 7 15:02:08 nanny[1370]: PAPI_Send: To: 7f000001:8407 Type:0x4 Timed out.
    Jun 7 15:02:10 cts[1560]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
    Jun 7 15:02:13 mobileip[1537]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
    Jun 7 15:02:13 phonehome[1538]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
    Jun 7 15:02:16 snmp[1543]: PAPI_Send: To: 7f000001:8212 Type:0x4 Timed out.
    Jun 7 15:02:16 snmp[1544]: PAPI_Send: To: 7f000001:8212 Type:0x4 Timed out.

     

    As you can see it HAS time stamps BUT the output is mixed up and not in time order.  It's nice to have the ability to limit log data to particular types but when I say "all" I expect everything, in order.

     

    Here is the end of today's file on the syslog server (which AFAIK is taking whetever it gets and writing it):

     

    [root@ssdsyslog2 wsdwac1a]# tail -50 wsdwac1a-noacl.log
    <501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:30:25.861521: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:30:25.856463: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:30:25.857612: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:30:25.865616: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
    <522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
    <400192> <NOTI> <wsdwac1a 10.64.6.101> STA 6d:a0:82:11:00:0f at AP 10.64.6.17-d8:c7:c8:17:6d:a0-wsdap24-2-06 5GHz capable.
    <307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
    <501102> <NOTI> <wsdwac1a 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
    <501102> <NOTI> <10.64.6.101 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
    <500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
    <501106> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT handle_sapcp
    <522036> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
    <501080> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Denied: AP Ageout
    <501114> <NOTI> <wsdwac1a 10.64.6.101> Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason 255
    <501044> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:6f:93 on AP Test-AP-PT
    <501109> <NOTI> <10.64.6.101 10.64.6.101> Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP auth_alg 0
    <501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
    <501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:30:38.029849: 7c:61:93:a2:38:ff (SN 3099): AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
    <501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:30:38.025352: 7c:61:93:a2:38:ff (SN 3099): AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
    <501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:30:38.026505: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
    <501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:30:38.033418: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
    <522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:71:93 ESSID=Websense VLAN=143 AP-name=Test-AP-DP
    <500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-DP, Websense/d8:c7:c8:17:71:93/g
    <307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
    <501102> <NOTI> <wsdwac1a 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason STA has left and is disassocisted
    <500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-DP, Websense/d8:c7:c8:17:71:93/g
    <501102> <NOTI> <10.64.6.101 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason STA has left and is disassocisted
    <522036> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:71:93 ESSID=Websense VLAN=143 AP-name=Test-AP-DP
    <501106> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP handle_sapcp
    <501080> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Denied: AP Ageout
    <501114> <NOTI> <wsdwac1a 10.64.6.101> Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason 255
    <501044> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:71:93 on AP Test-AP-DP
    <126037> <WARN> <wsdwac1a 10.64.6.101> |ids| AP(d8:c7:c8:17:6f:90@Test-AP-PT): Station Associated to Rogue AP: An AP detected a client 7c:61:93:a2:38:ff associated to a rogue access point (BSSID 00:0f:24:70:dc:01 and SSID Websense on CHANNEL 1).
    <501109> <NOTI> <10.64.6.101 10.64.6.101> Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT auth_alg 0
    <501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:31:02.271924: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:31:02.266518: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:31:02.267924: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:31:02.275477: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
    <501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:31:02.270617: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
    <501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:31:02.271701: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:31:02.279736: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:31:02.280531: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
    <522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
    <126038> <WARN> <wsdwac1a 10.64.6.101> |ids| AP(d8:c7:c8:17:6f:90@Test-AP-PT): Cleared Station Associated to Rogue AP: An AP is no longer detecting a client 7c:61:93:a2:38:ff associated to a rogue access point (BSSID 00:0f:24:70:dc:01 and SSID Websense on CHANNEL 1).
    <307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
    [root@ssdsyslog2 wsdwac1a]#

     

    No timestamps.