Wireless Access

Reply
Frequent Contributor II

User authentication in syslog

I cannot get user authentication information to go to my syslog server so Palo alto can parse the logs for the username/IP.  I've tried multiple settings for the controller for logging.  Under what category/subcategory do I use to get the information?  What logging level? 

 

current effort:

User category / dot1x & radius subcategory with logging level informational for both.

Under the logging servers area, I have category User with severity informational.

 

Any help will be greatly appreciated.

Guru Elite

Re: User authentication in syslog

Try this:  http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-logging-authentication-events/m-p/5328/highlight/true#M220

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor I

Re: User authentication in syslog

Hi Colin,

 

Do you have the syslog export filter from the controller on how you got those specific message only.  I'm interested in passing username to ip mappings to palo.  Unfortunately I am still running AOS 6.3.1.13 so I do not have the 6.4 integration.  

 

Thanks,

 

Alfredo

Guru Elite

Re: User authentication in syslog

You would do this:

 

config t
logging level notifications user process authmgr 
logging <ip address of PAN devices>

 To be clear, I have not tried to see if the output works on PAN with this method.

 

You can see the output by typing "show log user 50"

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor I

Re: User authentication in syslog

Thanks for the help Colin!  Worked like a charm.  I had the controllers pass the syslog messages over to our main syslog server and then trigger forward only the required entries with prper usernames.  We've have one heck of a battle trying to pass uid's correctly from cppm to palo.  The xml api didnt work as well as we thought for our environment.  This method I must say is probably the cleanest implementation to pass uid's over to the pan agent.  Thanks again!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: