  • 1.  log level question for PEF

    Posted Jan 30, 2012 04:34 PM

    Quick question: what is the loglevel to get NAT and PAT translates from an Aruba controller? I'm stuck, but I still don't feel like wasting an afternoon on it with TAC. Does someone know offhand?

    Thanks!



  • 2.  RE: log level question for PEF

    Posted Jan 30, 2012 05:47 PM

    What is it exactly that you want to log? Every NAT'ed session? Surely not? That might result in loads of information you don't want. Probably better to add a rule into the role the users are in (that you're looking at) with the log variable at the end. Would be much more surgical. What are you trying to find out?



  • 3.  RE: log level question for PEF

    Posted Jan 31, 2012 11:41 AM

    Yes, as we have a PAT rule that makes it difficult to track down what did what.

    The scenario here is that we have a virus detected from without the organization, coming from our public, incidental-use wireless (users are identified, but anyone can get a day-use username and pw). It provides a port, IP, and time.

    So yes, we are interested in the translates, but as you suggest, just collecting guest user NAT translates would be better (as this is the only PAT'ed range).

    How could I collect such a thing? Suggestions?



  • 4.  RE: log level question for PEF

    Posted Jan 30, 2012 06:06 PM

    @appahman wrote:

    Quick question: what is the loglevel to get NAT and PAT translates from an Aruba controller? I'm stuck, but I still don't feel like wasting an afternoon on it with TAC. Does someone know offhand?

    Thanks!


    It should be in the security log, by default.

    "show log security <x>" or just send it to external syslog.

    Please see the post here for details:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/3823/highlight/true#M1165 for more details.



  • 5.  RE: log level question for PEF

    Posted Jan 31, 2012 11:45 AM

    What command do I use for output of the logfiles as described in the link?

    Please see the post here for details:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/... for more details.

     

    It talks about the format of the information and possible storage, but no command to tell it where to go?

    I think this will suffice for me, but I need to know more.

    Help?



  • 6.  RE: log level question for PEF

    Posted Feb 01, 2012 09:36 PM

    @appahman wrote:

    What command do I use for output of the logfiles as described in the link?

    Please see the post here for details:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-perform-legal-interception/m-p/... for more details.

     

    It talks about the format of the information and possible storage, but no command to tell it where to go?

    I think this will suffice for me, but I need to know more.

    Help?


    That would be in the security log, so to send it to a syslog server you do this:

     

    config t

    logging <ip address of syslog server> security
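
Added example, not part of the original thread: once the security log is forwarded to a syslog server as described above, an abuse report giving a public IP, port and time can be matched to the guest behind the PAT. The log layout, field names, addresses and sample lines here are constructed for illustration and are not the controller's actual format; adapt the regular expression to the real lines.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value layout; the real
# controller security-log format differs and the regex must be adapted.
SAMPLE_LOG = """\
2012-01-30T14:01:58 ctrl snat user=guest12 src=10.50.1.40:49200 xlate=203.0.113.10:40211 dst=198.51.100.7:80
2012-01-30T14:20:05 ctrl snat user=guest17 src=10.50.1.23:51514 xlate=203.0.113.10:40211 dst=198.51.100.9:445
2012-01-30T14:20:06 ctrl snat user=guest03 src=10.50.1.77:50001 xlate=203.0.113.10:40212 dst=198.51.100.9:445
2012-01-30T15:45:00 ctrl snat user=guest21 src=10.50.1.90:50333 xlate=203.0.113.10:40211 dst=192.0.2.5:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ snat user=(?P<user>\S+) src=(?P<src>\S+) "
    r"xlate=(?P<xip>[\d.]+):(?P<xport>\d+) dst=(?P<dst>\S+)$"
)

def parse(log_text):
    """Yield one dict per translation record; skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            rec["xport"] = int(rec["xport"])
            yield rec

def attribute(log_text, public_ip, public_port, seen_at,
              window=timedelta(minutes=5)):
    """Return translations of public_ip:public_port logged within `window`
    of the reported time, nearest first. PAT ports are reused, so the
    time bound (which also absorbs clock skew) separates one guest
    from another on the same public port."""
    hits = [r for r in parse(log_text)
            if r["xip"] == public_ip and r["xport"] == public_port
            and abs(r["ts"] - seen_at) <= window]
    return sorted(hits, key=lambda r: abs(r["ts"] - seen_at))

if __name__ == "__main__":
    report_time = datetime(2012, 1, 30, 14, 21, 0)  # constructed abuse report
    for r in attribute(SAMPLE_LOG, "203.0.113.10", 40211, report_time):
        print(r["ts"], r["user"], r["src"], "->", r["dst"])
```

The same public port appears three times in the sample, so a lookup without the time window would name three different guests.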