Network Management

last person joined: 2 hours ago 

Keep an informative eye on your network with IMC and Airwave network management solutions.
Expand all | Collapse all

Airwave external syslog no audit information only system?

Jump to Best Answer
  • 1.  Airwave external syslog no audit information only system?

    Posted Jan 22, 2014 10:55 AM

    I have finally gotten around to send syslogs from AIrwave to an external syslog server but what I am not seeing is the audit logs.

     

    So what I see on my syslog is the following:
     

    Jan 22 00:38:46 AMP (wips-aw-1)[29819]: Aruba Instant Virtual Controller CAT-GA-ATL-01555-VC1 Up#011System#011Device#011ID: 398#011Top > CAT - Atlantic Trust > CAT-GA-ATL-01555#011CAT-GA-ATL-01555
    Jan 22 00:43:33 AMP (wips-aw-1)[24886]: Universal Network Device CAT-GA-ATL-01555-SW1 Configuration verification succeeded; configuration is good#011System#011Device#011ID: 401#011Top > CAT - Atlantic Trust > CAT-GA-ATL-01555#011CAT-GA-ATL-01555

     

    But what I don't see is user actions that are recorded in the event log on AMP, they do not appear in the syslog. Example:
    Wed Jan 22 08:30:45 2014     dmcmonitoring     System     Alert 'Device Down Device Type is Remote AP or Minutes Down Threshold >= 5 minutes for CIB-ON-MIS-04922-WAP1' acknowledged
    Wed Jan 22 08:30:45 2014     dmcmonitoring     System     Alert 'Device Down Device Type is Remote AP or Minutes Down Threshold >= 5 minutes for CIB-ON-MIS-05432-WAP1' acknowledged          
     

    It seems to only gather syslog information coming from System but not users performing actions on AMP.

     

    My syslog is configured as such...
    Capture.PNG

     

    EDIT: also it seems as though not all messages are being captured...seems a bit slow.



  • 2.  RE: Airwave external syslog no audit information only system?

    Posted Jan 29, 2014 11:25 AM
    Anyone?


  • 3.  RE: Airwave external syslog no audit information only system?
    Best Answer

    Posted Feb 17, 2014 11:07 AM
    TAC confirmed this is not possible currently within AMP.


  • 4.  RE: Airwave external syslog no audit information only system?

    Posted Apr 13, 2017 02:56 PM

    Does anyone know if this is possible now?


    @pmonardo wrote:
    TAC confirmed this is not possible currently within AMP.

     



  • 5.  RE: Airwave external syslog no audit information only system?

    Posted Apr 14, 2017 05:31 AM

    Rosie,

     

    We have user option in Audit trail drop down list, could you choose that option and click, send test message and check whether you are receivng Airwave user related events.

     

    Capture(1).PNG

     

    Regards,

    Pavan

    If my post address your query, give kudos:)



  • 6.  RE: Airwave external syslog no audit information only system?

    Posted Apr 14, 2017 09:15 AM

    Does this send GUI audit logs?



  • 7.  RE: Airwave external syslog no audit information only system?

    Posted Apr 14, 2017 09:21 AM

    Its should send the the entries of changes made by GUI user but I am not 100% sure, try set it to audit and send test message and check the status.

     

    Regards,

    Pavan



  • 8.  RE: Airwave external syslog no audit information only system?

    Posted Apr 14, 2017 09:28 AM

    I see audit logs but I am not seeing logins from the GUI.

     

    Syslog is also being bombarded by the following:

     

     session opened for user igc by (uid=0)