Hello everyone In the end I had to resolve it myself in a lab I did
In the end, the Syslog facility that gives you the information is not the security one is the System one!
I was looking at the wrong one. When I created the lab I put all the information and saw that it was coming from the system one.
The client had that security facility on warning and it needed to be on notice at least
When I changed it, they started getting the logs of the suspect rogues aps
I have no idea why they are on the system facility but well they are. They should be in there in the first place Ariyap?.
Thanks
Original Message:
Sent: Jan 02, 2024 08:32 PM
From: ariyap
Subject: Sending rogue and suspect rogue aps to the syslog server
Happy new year to you too.
everything looks to be in order. Perhaps you should contact our support services to resolve this.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 02, 2024 09:30 AM
From: cdelarosa
Subject: Sending rogue and suspect rogue aps to the syslog server
Hello Ariyap! happy new year!
These are the rules
System securty level is still on debug
Original Message:
Sent: Dec 31, 2023 12:51 AM
From: ariyap
Subject: Sending rogue and suspect rogue aps to the syslog server
thats the way to do it. WIDS info will be part of the Security logs.
what's your suspected and rogue AP rules that you configured?
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Dec 27, 2023 10:13 AM
From: cdelarosa
Subject: Sending rogue and suspect rogue aps to the syslog server
Hello!
Is there a way to do this? i got the syslog configured and i just can see on the syslog the interferring APs but not the rogue or suspect rogue aps
On the central i got it configured as rules, i mean the suspect and rogue aps like this
And even on the security we have debug
Which i bealive is the log that will send out the information about the Rogue AP and suspect rogue ap
Any ideas?