Wireless Access

Reply
New Contributor

log level question for PEF

Quick question, what is the loglevel to get NAT and PAT translates from an aruba controller? I'm stuck but I still don't feel like wasting an afternoon on with TAC. Does someone know offhand?

 

Thanks!

 

Valued Contributor I

Re: log level question for PEF

What is it exactly that you want to log? Every NAT'ed session? Surely not? That might result in loads of information you don't want. Probably better to add a rule into the role the users are in (that you're looking at) with the log variable at the end. Would be much more surgical. What are you trying to find out?

Kudos appreciated, but I'm not hunting! (ACMX 104)
Guru Elite

Re: log level question for PEF


appahman wrote:

Quick question, what is the loglevel to get NAT and PAT translates from an aruba controller? I'm stuck but I still don't feel like wasting an afternoon on with TAC. Does someone know offhand?

 

Thanks!

 


it should be in the security log, by default.

 

"show log security <x>" or just sent to external syslog.

 

Please see the post here for details:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/3823/highlight/true#M1165 for more details.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
New Contributor

Re: log level question for PEF

yes, as we have a PAT rule that makes it difficult to track down what did what,

 

the scenario here is that we have a virus detected from without the organization coming from our public, incedental use wireless (users are identified but anyone can get a day use username and pw) it provides a port, IP, and time. 

 

so yes, we are interested in the translates: but as you suggest just collecting guest user NAT translates would be better (as this is the only PAT'ed range).

 

how could I collect such a thing? Suggestions? 

 

 

 

New Contributor

Re: log level question for PEF

what command do I use for output of the logfiles as described in the link?

 

 

Please see the post here for details:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/... for more details.

 

it talks about the format of the information and possible storage, but no command to tell it where to go?

I think this will suffice for me, but I need to know more.

help?

Guru Elite

Re: log level question for PEF


appahman wrote:

what command do I use for output of the logfiles as described in the link?

 

 

Please see the post here for details:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/... for more details.

 

it talks about the format of the information and possible storage, but no command to tell it where to go?

I think this will suffice for me, but I need to know more.

help?


That would be in the security log, so to send it to a syslog server you do this:

 

config t

logging <ip address of syslog server> security

 

 
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: