I put the syslog server IP address into the settings on the virtual controller.
I then created a config file in /etc/rsyslog.d called 30aruba.conf containing this:
:rawmsg, contains, "sn=Instant-C4:57:3B" /var/log/arubawireless.log
& ~
I set the log level to debug and restarted rsyslog, but still nothing is coming through. I also know that rsyslog is listening on UDP 514.
Am I missing something? Any help is appreciated.
What do your IAP ACLs look like? Are you permitting the necessary UDP ports?
If you don't have an explicit 'allow all', you can add a network-specific ACL for UDP 514 by doing the following from the PEF tab in the IAP:
For each SSID in PEF I have allowed UDP 514 to our syslog server. See attached picture.
I also set each facility to warning to help get more logs sent.
I suspect it's maybe something with my /etc/rsyslog.d/30aruba.conf file which looks like this:
:rawmsg, contains, "aruba" /var/log/arubawireless.log
& ~
Here is the syslog config.
tyosick, can you confirm the IAP is sending the syslog OUT via an uplink pcap? Optically what you have configured looks correct.
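An added example, not part of any post in this thread: a small Python evaluator for rsyslog's legacy property-based filter syntax, run over the two filter lines quoted above, so the match logic can be checked separately from packet delivery. The sample datagrams are constructed, not captured from an IAP, and the helper names (`parse_filter`, `matches`, `report`) are hypothetical.

```python
import re

# Legacy rsyslog property-based filter:  :property, [!]compare-operation, "value" action
# Simplification in this example: backslash escapes inside the value are not handled.
FILTER_RE = re.compile(r'^:(\w+),\s*(!?)(\w+),\s*"([^"]*)"\s+(\S.*)$')

# Subset of rsyslog compare-operations; all three are case-sensitive.
OPS = {
    "contains": lambda hay, needle: needle in hay,
    "isequal": lambda hay, needle: hay == needle,
    "startswith": lambda hay, needle: hay.startswith(needle),
}

def parse_filter(line):
    """Split one filter line into property, negation, operation, value and action."""
    m = FILTER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a property-based filter: {line!r}")
    prop, neg, op, value, action = m.groups()
    if op not in OPS:
        raise ValueError(f"unsupported compare-operation: {op}")
    return {"property": prop, "negate": bool(neg), "op": op,
            "value": value, "action": action}

def matches(flt, props):
    """True if the message properties satisfy the filter (honouring '!')."""
    hit = OPS[flt["op"]](props.get(flt["property"], ""), flt["value"])
    return hit != flt["negate"]

# The two filter lines posted in the thread (the '& ~' discard line is omitted).
THREAD_FILTERS = [
    parse_filter(':rawmsg, contains, "sn=Instant-C4:57:3B" /var/log/arubawireless.log'),
    parse_filter(':rawmsg, contains, "aruba" /var/log/arubawireless.log'),
]

# Constructed raw datagrams for illustration only.
SAMPLES = [
    "<141>Jan  1 00:00:00 10.0.0.5 cli[1234]: sn=Instant-C4:57:3B AP status",
    "<141>Jan  1 00:00:01 10.0.0.5 stm[2345]: Aruba AP client associated",
    "<141>Jan  1 00:00:02 10.0.0.5 stm[2345]: aruba test message",
]

def report(filters=THREAD_FILTERS, samples=SAMPLES):
    """For each sample, one boolean per filter: would that filter select it?"""
    return [tuple(matches(f, {"rawmsg": s}) for f in filters) for s in samples]

if __name__ == "__main__":
    for sample, row in zip(SAMPLES, report()):
        print(row, sample)
```

The second sample shows that `contains` is a case-sensitive substring test: a message carrying `Aruba` is not selected by a filter on `aruba`.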