Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

sending syslogs to central syslog server

This thread has been viewed 13 times

  • 1.  sending syslogs to central syslog server

    Posted Mar 01, 2012 01:43 PM

    We have a central logging box (PCI requirement) and want Airwave to feed it rather than simply accumlate a parallel pile of logs. Is there a way in Airwave to get it to forward log messages, or will I have to modify the linux syslog daemon settings?

     

    --Matthew



  • 2.  RE: sending syslogs to central syslog server

    Posted Mar 01, 2012 02:50 PM

    You can send AirWave's own event and audit logs to a syslog server (bottom left section of AMP Setup > General). 

     

    However, AirWave can't forward the log messages it receives from network devices to another server. 

     

     



  • 3.  RE: sending syslogs to central syslog server
    Best Answer

    Posted Mar 22, 2012 05:02 PM

    We solved the issue by addling the appropriate line to the syslog config file in the underlying OS.

    Now all syslog messages OS and AirWave send on to the master syslog server.

     

    Will future updates of Airwave overwrite that configuration file?

     

    We need a single central syslog server for PCI compliance, so this is actually an ideal solution for us -- worried now about possible ramifications of meddling under the hood...

     

    --Matthew



  • 4.  RE: sending syslogs to central syslog server

    Posted Mar 23, 2012 09:16 AM

    What file did you edit? 

     

    We try hard to make sure that AMP modifies system configuration files instead of just overwriting them. Whenever you see a "BEGIN AMP..." and "END AMP..." section in a config file, you should be free to make changes to that file as long as you don't make changes within that section. 

     


    # BEGIN AMP POSTGRES AND KERNEL LOGGING
    *.info;mail.none;authpriv.none;cron.none;local5.none;local6.none /var/log/messages
    local5.* /var/log/pgsql
    local6.* /var/log/pound
    kern.* /var/log/kernel
    # END AMP POSTGRES AND KERNEL LOGGING



  • 5.  RE: sending syslogs to central syslog server

    Posted Mar 23, 2012 10:56 AM

    edit /etc/syslog.conf

    add the following line at the end:

    *.*     @syslog.server.ip.address.or.name



  • 6.  RE: sending syslogs to central syslog server

    Posted Apr 24, 2013 04:05 PM

    I tried all of the above in version 7.6.3 and its not working. Any ideas or ways to validate operation?



  • 7.  RE: sending syslogs to central syslog server

    EMPLOYEE
    Posted Apr 30, 2013 12:13 PM

    @1Calicobass

     

    Are you still having problems trying to get syslogging setup?  If so, please open a support case.



  • 8.  RE: sending syslogs to central syslog server

    Posted Apr 30, 2013 01:25 PM

    I didn't mention it in my post, but did you past the line I provided directly, or did you realize that I'd meant to have you replace the bit following the @ symbol with the IP address or name of your syslog server?



  • 9.  RE: sending syslogs to central syslog server

    Posted Feb 22, 2018 06:38 PM

    I am trying to get my logs into greylog.  Did specify tcp/udp and a port number?