Cloud Managed Networks

 View Only
  • 1.  Sending rogue and suspect rogue aps to the syslog server

    Posted Dec 27, 2023 10:13 AM

    Hello!

    Is there a way to do this? i got the syslog configured and i just can see on the syslog the interferring APs but not the rogue or suspect rogue aps

    On the central i got it configured as rules, i mean the suspect and rogue aps like this

    And even  on the  security we have debug 

    Which i bealive is the log that will send out the information about the Rogue AP and suspect rogue ap

    Any ideas? 



  • 2.  RE: Sending rogue and suspect rogue aps to the syslog server

    Posted Dec 31, 2023 12:51 AM

    thats the way to do it. WIDS info will be part of the Security logs.

    what's your suspected and rogue AP rules that you configured?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Sending rogue and suspect rogue aps to the syslog server

    Posted Jan 02, 2024 09:30 AM

    Hello Ariyap! happy new year!

    These are the rules

    System securty level is still on debug




  • 4.  RE: Sending rogue and suspect rogue aps to the syslog server

    Posted Jan 02, 2024 08:32 PM

    Happy new year to you too.

    everything looks to be in order. Perhaps you should contact our support services to resolve this. 



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 5.  RE: Sending rogue and suspect rogue aps to the syslog server
    Best Answer

    Posted Feb 28, 2024 12:12 AM
    Edited by cdelarosa Feb 28, 2024 12:13 AM

    Hello everyone In the end I had to resolve it myself in a lab I did 

    In the end, the Syslog facility that gives you the information is not the security one is the System one! 

    I was looking at the wrong one.  When I created the lab I put all the information and saw that it was coming from the system one.

    The client had that security facility on warning and it needed to be on notice at least

    When I changed it, they started getting the logs of the suspect rogues aps

    I have no idea why they are on the system facility but well they are.  They should be in there in the first place Ariyap?.

    Thanks