Wireless Access

Occasional Contributor II
Posts: 16
Registered: ‎04-16-2012

Syslog timestamp

I searched for "syslog time stamp" (without the quotes) and found only this post on the forums.

The answer from Aruba in Dec 2010 was that it was only recommended in the RFC to include a timestamp - I see timestamps in my log buffer on the controller but nothing on my syslog server. Anyone know if this has been changed (yet)? I don't see an obvious way to fix it.

Also, when I do "show log all" I get what seems to be the different log categories, each in order, but overall the timestamps jump all over the place, and I don't see a way to show the log in time sequence. Is this correct, can't do it?

Thanks.

Paul

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: Syslog timestamp

Hello Paul,

Can you please provide us with screenshots from the syslog and MC log buffer?

Are there any options associated with your syslog server? Have you tried your syslog server with other equipment like Cisco/Juniper, and is it showing timestamps with no problems?

Regards,

Abi

Occasional Contributor II
Posts: 16
Registered: ‎04-16-2012

Re: Syslog timestamp

So, here is a portion of the output from >show log all | begin "Jul  9 16:"<

 

Jul 9 16:30:22 authmgr[1531]: <522044> <INFO> |authmgr| MAC=f0:cb:a1:62:98:e0 Station authenticate(start): method=802.1x, role=logon//, VLAN=143/143/0/0/0, Derivation=0/0, Value Pair=1
Jul 9 16:30:22 authmgr[1531]: <522049> <INFO> |authmgr| MAC=f0:cb:a1:62:98:e0,IP=0.0.0.0 User role updated, existing Role=logon/none, new Role=UsrRole-WBSN-Emp1/none, reason=Station Authenticated with auth type: 4
Jul 9 16:30:23 authmgr[1531]: <522036> <INFO> |authmgr| MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
Jul 9 16:30:23 mobileip[1537]: <500010> <NOTI> |mobileip| Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
Jul 9 16:30:23 stm[1300]: <501080> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Denied: AP Ageout
Jul 9 16:30:23 stm[1300]: <501102> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
Jul 9 16:30:23 stm[1300]: <501106> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT handle_sapcp
Jul 9 16:30:23 stm[1532]: <501044> <NOTI> |stm| Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:6f:93 on AP Test-AP-PT
Jul 9 16:30:23 stm[1532]: <501102> <NOTI> |stm| Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
Jul 9 16:30:23 stm[1532]: <501114> <NOTI> |stm| Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason 255
Jul 9 16:30:25 authmgr[1531]: <522035> <INFO> |authmgr| MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
Jul 9 16:30:25 mobileip[1537]: <500010> <NOTI> |mobileip| Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
Jul 9 16:30:25 stm[1300]: <501093> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1300]: <501095> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Assoc request @ 16:30:25.856463: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1300]: <501100> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Assoc success @ 16:30:25.857612: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1300]: <501109> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT auth_alg 0
Jul 9 16:30:25 stm[1532]: <501095> <NOTI> |stm| Assoc request @ 16:30:25.861521: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1532]: <501100> <NOTI> |stm| Assoc success @ 16:30:25.865616: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 wms[1519]: <316095> <INFO> |wms| Ageing STA 00:23:14:f4:fb:b4
Jul 9 16:30:25 wms[1519]: <316095> <INFO> |wms| Ageing STA d0:23:db:4e:a6:e3
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC 00:23:14:f4:fb:b4 Monitor d8:c7:c8:c9:76:f9
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC 00:23:14:f4:fb:b4 Monitor d8:c7:c8:c9:76:fb
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:da
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:f8
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:fb
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:77:06
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:77:17
Jul 9 16:30:29 stm[1532]: <400192> <NOTI> |stm| STA 6d:a0:82:11:00:0f at AP 10.64.6.17-d8:c7:c8:17:6d:a0-wsdap24-2-06 5GHz capable.
Jun 7 15:01:52 packetfilter[1381]: PAPI_Send: sendto Configuration Manager failed: No such file or directory Message Code 0 Sequence Num is 2
Jun 7 15:01:53 certmgr[1382]: PAPI_Send: sendto Publisher failed: No such file or directory Message Code 11000 Sequence Num is 2
Jun 7 15:01:53 certmgr[1382]: PAPI_Send: sendto Syslog Manager failed: No such file or directory Message Code 0 Sequence Num is 3
Jun 7 15:01:54 cfgm[1424]: PAPI_Send: sendto License Manager failed: No such file or directory Message Code 0 Sequence Num is 2
Jun 7 15:01:54 syslogdwrap[1436]: PAPI_Send: sendto ESI failed: No such file or directory Message Code 2001 Sequence Num is 2
Jun 7 15:01:55 aaa[1468]: PAPI_Send: sendto User Database Server failed: No such file or directory Message Code 0 Sequence Num is 3
Jun 7 15:01:55 fpapps[1507]: PAPI_Send: sendto License Manager failed: No such file or directory Message Code 0 Sequence Num is 13
Jun 7 15:01:56 wms[1522]: PAPI_Init: timeout of 0 specified set to default 100 millisec.
Jun 7 15:02:00 aaa[1468]: PAPI_Send: To: 7f000001:8344 Type:0x4 Timed out.
Jun 7 15:02:00 syslogdwrap[1436]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:08 nanny[1370]: PAPI_Send: To: 7f000001:8407 Type:0x4 Timed out.
Jun 7 15:02:10 cts[1560]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:13 mobileip[1537]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:13 phonehome[1538]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:16 snmp[1543]: PAPI_Send: To: 7f000001:8212 Type:0x4 Timed out.
Jun 7 15:02:16 snmp[1544]: PAPI_Send: To: 7f000001:8212 Type:0x4 Timed out.

 

As you can see it HAS time stamps BUT the output is mixed up and not in time order. It's nice to have the ability to limit log data to particular types but when I say "all" I expect everything, in order.

Here is the end of today's file on the syslog server (which AFAIK is taking whatever it gets and writing it):

 

[root@ssdsyslog2 wsdwac1a]# tail -50 wsdwac1a-noacl.log
<501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:30:25.861521: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:30:25.856463: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:30:25.857612: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:30:25.865616: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<400192> <NOTI> <wsdwac1a 10.64.6.101> STA 6d:a0:82:11:00:0f at AP 10.64.6.17-d8:c7:c8:17:6d:a0-wsdap24-2-06 5GHz capable.
<307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
<501102> <NOTI> <wsdwac1a 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
<501102> <NOTI> <10.64.6.101 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
<501106> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT handle_sapcp
<522036> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<501080> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Denied: AP Ageout
<501114> <NOTI> <wsdwac1a 10.64.6.101> Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason 255
<501044> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:6f:93 on AP Test-AP-PT
<501109> <NOTI> <10.64.6.101 10.64.6.101> Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP auth_alg 0
<501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:30:38.029849: 7c:61:93:a2:38:ff (SN 3099): AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:30:38.025352: 7c:61:93:a2:38:ff (SN 3099): AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:30:38.026505: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:30:38.033418: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:71:93 ESSID=Websense VLAN=143 AP-name=Test-AP-DP
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-DP, Websense/d8:c7:c8:17:71:93/g
<307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
<501102> <NOTI> <wsdwac1a 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason STA has left and is disassocisted
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-DP, Websense/d8:c7:c8:17:71:93/g
<501102> <NOTI> <10.64.6.101 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason STA has left and is disassocisted
<522036> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:71:93 ESSID=Websense VLAN=143 AP-name=Test-AP-DP
<501106> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP handle_sapcp
<501080> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Denied: AP Ageout
<501114> <NOTI> <wsdwac1a 10.64.6.101> Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason 255
<501044> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:71:93 on AP Test-AP-DP
<126037> <WARN> <wsdwac1a 10.64.6.101> |ids| AP(d8:c7:c8:17:6f:90@Test-AP-PT): Station Associated to Rogue AP: An AP detected a client 7c:61:93:a2:38:ff associated to a rogue access point (BSSID 00:0f:24:70:dc:01 and SSID Websense on CHANNEL 1).
<501109> <NOTI> <10.64.6.101 10.64.6.101> Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT auth_alg 0
<501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:31:02.271924: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:31:02.266518: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:31:02.267924: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:31:02.275477: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:31:02.270617: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:31:02.271701: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:31:02.279736: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:31:02.280531: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<126038> <WARN> <wsdwac1a 10.64.6.101> |ids| AP(d8:c7:c8:17:6f:90@Test-AP-PT): Cleared Station Associated to Rogue AP: An AP is no longer detecting a client 7c:61:93:a2:38:ff associated to a rogue access point (BSSID 00:0f:24:70:dc:01 and SSID Websense on CHANNEL 1).
<307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
[root@ssdsyslog2 wsdwac1a]#

 

No timestamps.
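
An added example, not part of the posts above and not Aruba code: one way to put a saved copy of the "show log all" output into a single time sequence, and to check whether a line carries a leading timestamp at all. The function names, the sample lines and the year passed in are assumptions made for the illustration; the buffer timestamps carry no year, so the caller has to supply one.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Leading timestamp in the buffer format shown above: "Jul 9 16:30:22 ..."
_TS = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\s")


def parse_ts(line, year):
    """Return the line's leading timestamp as a datetime, or None if absent."""
    m = _TS.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss = m.groups()
    try:
        return datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    except (KeyError, ValueError):   # unknown month name or impossible date
        return None


def sort_log_buffer(lines, year):
    """Merge the per-category blocks into one time-ordered list.

    Assumes the whole buffer falls within one calendar year. Lines without
    a timestamp stay attached to the entry above them. The sort is stable,
    so entries logged in the same second keep their original relative order.
    """
    entries = []                     # each item: [timestamp, [line, ...]]
    for line in lines:
        ts = parse_ts(line, year)
        if ts is None and entries:
            entries[-1][1].append(line)
        else:
            entries.append([ts or datetime.min, [line]])
    entries.sort(key=lambda e: e[0])
    return [l for _, group in entries for l in group]


# Constructed sample in the buffer's format: three category blocks, each in
# order on its own, but not in order overall.
SAMPLE = [
    "Jul 9 16:30:22 authmgr[1531]: <522044> <INFO> |authmgr| entry-A",
    "Jul 9 16:30:25 stm[1300]: <501093> <NOTI> |stm| entry-B",
    "    cont-B",
    "Jun 7 15:01:52 packetfilter[1381]: PAPI_Send: entry-C",
    "Jul 9 16:30:22 wms[1519]: <316095> <INFO> |wms| entry-D",
]

if __name__ == "__main__":
    print("\n".join(sort_log_buffer(SAMPLE, 2012)))
```

Because `parse_ts` returns None for lines in the format the syslog server stored, such a file cannot be re-ordered after the fact; there the receive order written by the server is the only sequence available.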

 
