Wired Intelligent Edge

I am new to Aruba gear and have a lab with a 2930F switch backing a Fortigate 60F router.

I recently added a Fortianalyzer VM appliance to serve as a log analyzer and syslog server for my lab. I have a bunch of devices flowing into the Fortianalyzer syslog ingestion, including a NAS, some Aruba APs, a proxy server, etc.

Everything is working fine except for the 2930F. When I initially configured the 2930F to send logs to the Fortianalyzer, everything worked as expected. But when I checked on the Fortianalyzer a bit later, the 2930F showed down and that it hadn't sent any logs since ~20 minutes since I configured it.

So, I ssh'd back into the 2930F to make sure I had written the config, etc. The config was fine, so I went back to the Fortianalyzer and, poof, it was back to sending logs. I chalked it up to gremlins and moved on. A while later, it's down again. After some thinking, the only thing I could figure is that logging into the 2930F somehow triggered it back into sending. So I logged back in and then refreshed the Fortianalyzer. Boom, back logging... Waited a bit, offline again. Confirmed it and now I am stumped.

I can't find anything online relating to this. Just a bunch of threads with people successfully configuring the 2930F to send to a syslog server, just like I did, none mentioning anything special required to make it continue sending logs.

I am guessing it's something simple, but I am at a loss.

Thoughts?

Could it be that there just aren't any log events during the time it's silent? If you log in, that triggers a log message, further link states (ports going up/down), config changes. In a stable network there may just not be too many log messages.

With the command 'show syslog statistics' you can check how many logs (and which category) are sent from the switch.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jul 01, 2024 09:43 PM
From: Toby Horton
Subject: Weird syslog issue on 2930F switch

I am new to Aruba gear and have a lab with a 2930F switch backing a Fortigate 60F router.

I recently added a Fortianalyzer VM appliance to serve as a log analyzer and syslog server for my lab. I have a bunch of devices flowing into the Fortianalyzer syslog ingestion, including a NAS, some Aruba APs, a proxy server, etc.

Everything is working fine except for the 2930F. When I initially configured the 2930F to send logs to the Fortianalyzer, everything worked as expected. But when I checked on the Fortianalyzer a bit later, the 2930F showed down and that it hadn't sent any logs since ~20 minutes since I configured it.

So, I ssh'd back into the 2930F to make sure I had written the config, etc. The config was fine, so I went back to the Fortianalyzer and, poof, it was back to sending logs. I chalked it up to gremlins and moved on. A while later, it's down again. After some thinking, the only thing I could figure is that logging into the 2930F somehow triggered it back into sending. So I logged back in and then refreshed the Fortianalyzer. Boom, back logging... Waited a bit, offline again. Confirmed it and now I am stumped.

I can't find anything online relating to this. Just a bunch of threads with people successfully configuring the 2930F to send to a syslog server, just like I did, none mentioning anything special required to make it continue sending logs.

I am guessing it's something simple, but I am at a loss.

Thoughts?