Wireless Access

Reply
Frequent Contributor II
Posts: 110
Registered: ‎12-07-2007

User authentication in syslog

I cannot get user authentication information to go to my syslog server so Palo alto can parse the logs for the username/IP.  I've tried multiple settings for the controller for logging.  Under what category/subcategory do I use to get the information?  What logging level? 

 

current effort:

User category / dot1x & radius subcategory with logging level informational for both.

Under the logging servers area, I have category User with severity informational.

 

Any help will be greatly appreciated.

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: User authentication in syslog

Try this:  http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-logging-authentication-events/m-p/5328/highlight/true#M220

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 24
Registered: ‎10-24-2011

Re: User authentication in syslog

[ Edited ]

Hi Colin,

 

Do you have the syslog export filter from the controller on how you got those specific message only.  I'm interested in passing username to ip mappings to palo.  Unfortunately I am still running AOS 6.3.1.13 so I do not have the 6.4 integration.  

 

Thanks,

 

Alfredo

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: User authentication in syslog

[ Edited ]

You would do this:

 

config t
logging level notifications user process authmgr 
logging <ip address of PAN devices>

 To be clear, I have not tried to see if the output works on PAN with this method.

 

You can see the output by typing "show log user 50"

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 24
Registered: ‎10-24-2011

Re: User authentication in syslog

Thanks for the help Colin!  Worked like a charm.  I had the controllers pass the syslog messages over to our main syslog server and then trigger forward only the required entries with prper usernames.  We've have one heck of a battle trying to pass uid's correctly from cppm to palo.  The xml api didnt work as well as we thought for our environment.  This method I must say is probably the cleanest implementation to pass uid's over to the pan agent.  Thanks again!

Search Airheads
Showing results for 
Search instead for 
Did you mean: