Cloud Managed Networks


Forum to discuss all things Aruba Central and UXI Network Management, this includes Aruba Central managed networks, Central configuration, best practices, Central APIs, Cloud Guest, AIOps, Presence Analytics and Other Central Applications

Central Audit Trail and Configuration User

  • 1.  Central Audit Trail and Configuration User

    Posted 13 days ago
    Hi all,

    We're evaluating Central for AOS-CX wired network management and I'd like to better understand how change auditing works.

    At the moment, I don't see the ability to export audit trail logs for configurations made in Central. I'm hoping I've overlooked something, as this seems to be a fairly important detail to be missing, especially since audit logs are purged after 90 days.

    I'm trying to understand how I will correlate configuration changes from different users in Central against changes on switches.

    Am I correct in my understanding:

    • All changes from Central are made by the admin user; this username cannot be changed.
      • Changes are not directly written to the switch as commands, a new config is uploaded to the switch and a checkpoint is created.
      • Checkpoints are named according to the date and time the change was made by Central. This can be matched by the timestamp (not exactly) to the Audit Trail in Central.

    Currently we have command logging configured with ClearPass and TACACS+ on our network and it works extremely well. I understand TACACS+ is considered legacy, but in terms of auditing configuration changes it provides far greater capabilities than Central. IMHO, the capabilities in Central are a significant jump in the wrong direction, particularly in the name of Security.

    I'm hoping I'm wrong and I've missed something, but at a minimum I'd expect the ability to export these audit logs into our SIEM for local auditing and analysis; a 90-day lifecycle isn't enough.

    Have I missed anything? 

    Thanks,
    Victor

    P.S. I was looking at the Central API to see if it exposed the audit trail; unfortunately, it does not.



    ------------------------------
    Victor Castro
    ------------------------------


  • 2.  RE: Central Audit Trail and Configuration User

    Posted 13 days ago
    I may have answered my own question... it appears as though Central provides a Streaming API: https://developer.arubanetworks.com/aruba-central/docs/streaming-api-getting-started

    I'll have to dig in to see how we can use this. If anyone has experience with it, I'd appreciate some insight.

    Thanks!

    ------------------------------
    Victor Castro
    ------------------------------