MVP

sending syslogs to central syslog server

We have a central logging box (PCI requirement) and want Airwave to feed it rather than simply accumulate a parallel pile of logs. Is there a way in Airwave to get it to forward log messages, or will I have to modify the Linux syslog daemon settings?

 

--Matthew


if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Regular Contributor I

Re: sending syslogs to central syslog server

You can send AirWave's own event and audit logs to a syslog server (bottom left section of AMP Setup > General). 

 

However, AirWave can't forward the log messages it receives from network devices to another server. 

 

 

MVP

Re: sending syslogs to central syslog server

We solved the issue by adding the appropriate line to the syslog config file in the underlying OS.

Now all syslog messages OS and AirWave send on to the master syslog server.

 

Will future updates of Airwave overwrite that configuration file?

 

We need a single central syslog server for PCI compliance, so this is actually an ideal solution for us -- worried now about possible ramifications of meddling under the hood...

 

--Matthew

Regular Contributor I

Re: sending syslogs to central syslog server

What file did you edit? 

 

We try hard to make sure that AMP modifies system configuration files instead of just overwriting them. Whenever you see a "BEGIN AMP..." and "END AMP..." section in a config file, you should be free to make changes to that file as long as you don't make changes within that section. 

 


# BEGIN AMP POSTGRES AND KERNEL LOGGING
*.info;mail.none;authpriv.none;cron.none;local5.none;local6.none /var/log/messages
local5.* /var/log/pgsql
local6.* /var/log/pound
kern.* /var/log/kernel
# END AMP POSTGRES AND KERNEL LOGGING

MVP

Re: sending syslogs to central syslog server

edit /etc/syslog.conf

add the following line at the end:

*.*     @syslog.server.ip.address.or.name

--Matthew

Occasional Contributor I

Re: sending syslogs to central syslog server

I tried all of the above in version 7.6.3 and it's not working. Any ideas or ways to validate operation?

Moderator

Re: sending syslogs to central syslog server

@1Calicobass

 

Are you still having problems trying to get syslogging set up? If so, please open a support case.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
MVP

Re: sending syslogs to central syslog server

I didn't mention it in my post, but did you paste the line I provided directly, or did you realize that I'd meant to have you replace the bit following the @ symbol with the IP address or name of your syslog server?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
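Added example, not from any poster in this thread and not AirWave's own code: a small Python check of a syslog.conf for the points raised above, namely that a forwarding rule exists, that it sits outside the "BEGIN AMP..." / "END AMP..." section, and that the placeholder after the @ was replaced. The function name and the sample file contents are assumptions constructed for illustration.

```python
import re

# Markers AMP writes around the section it manages (quoted in the thread).
BEGIN = re.compile(r"^#\s*BEGIN AMP\b")
END = re.compile(r"^#\s*END AMP\b")
# "<selector> @host" forwards over UDP; rsyslog also accepts "@@host" for TCP.
FORWARD = re.compile(r"^(\S+)\s+@{1,2}(\S+)$")
PLACEHOLDER = "syslog.server.ip.address.or.name"  # literal from the thread

# Constructed sample: the AMP section from the thread plus the suggested
# line pasted verbatim, i.e. with the placeholder left in.
SAMPLE = """\
# BEGIN AMP POSTGRES AND KERNEL LOGGING
*.info;mail.none;authpriv.none;cron.none;local5.none;local6.none /var/log/messages
local5.* /var/log/pgsql
local6.* /var/log/pound
kern.* /var/log/kernel
# END AMP POSTGRES AND KERNEL LOGGING
*.*     @syslog.server.ip.address.or.name
"""


def audit_syslog_conf(text):
    """Return (forwards, problems); both are lists keyed by line number."""
    forwards, problems = [], []
    in_amp = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if BEGIN.match(line):
            in_amp = True
        elif END.match(line):
            in_amp = False
        elif line and not line.startswith("#"):
            m = FORWARD.match(line)
            if not m:
                continue  # local file/pipe action, not a remote forward
            selector, host = m.groups()
            forwards.append((lineno, selector, host))
            if in_amp:
                problems.append((lineno, "forward rule inside AMP-managed section"))
            if host == PLACEHOLDER:
                problems.append((lineno, "placeholder host was not replaced"))
    if not forwards:
        problems.append((0, "no forwarding rule found"))
    return forwards, problems


if __name__ == "__main__":
    for lineno, message in audit_syslog_conf(SAMPLE)[1]:
        print(f"line {lineno}: {message}")
```

Once the file passes and the syslog daemon has been restarted, a test message sent with `logger` that appears on the central server confirms the path end to end.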