Hello,
Both options are available when configuring a syslog server like the one you have with SIEM.
You can select different values to configure the syslog facility levels, once you have added the server IP.
Syslog supports the following seven facilities, where you can select the one you are most interested in for alerting or troubleshooting. Important depending on the case all of them can be important, see Security, Network or System to be alert. And by way of troubleshooting user-debug and ap-debug between them with special attention. But below I detail each of them:
AP-Debug - Detailed logging about the AP device.
Network - Logging about changes in the network, for example when a new IAP is added to the network.
Security - Log about network security, e.g. when a client connects using an incorrect password.
System - Logs about the configuration and status of the system.
User - Important logs about the client.
User-Debug - Detailed log about the client.
Wireless - Logging about the radio.
All these logos will be logged in your SIEM.
What you should also put would be the log levels in order of severity, from the most to the least severe. Here is the table where each of them is described.
Thanks
------------------------------
Daniel Ruiz
-----------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
------------------------------
Original Message:
Sent: Nov 05, 2024 08:00 AM
From: OH-wifi
Subject: Logs
Morning! We have about 30 IAP-315s that form their own virtual controller, running 8.10.0.14. We have configured the VC to send logs to our SIEM. Quick question for the group, are there log entries that I should be looking for/alerting on that would indicate a problem or issue that would need further troubleshooting?