COTD: Improved Logging in ArubaOS : Show Log user
01-04-2009 03:54 PM
Administrators would like to be able to track who is logging into their networks and find out what time, what server, which MAC address, IP address, authentication type, username and what role the user is assigned. Starting in ArubaOS 3.3.2.8, all that information is on a single line. You first need to ensure that user logging is on with level "informational":
config t
logging level informational user
exit
The specific message# that logs messages is 522008 so you would just grep for them using the 'include' parameter for the text 522008 on the command line, or just search for that string in your syslogs on your server:
show log user all | include 522008
(Aruba-1.TESTDOMAIN.com) #show log user all | include 522008
Jan 4 09:41:27 :522008: |authmgr| User authenticated: Name=bcollins MAC=00:1c:b3:bc:77:ff IP=172.16.219.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:41:45 :522008: |authmgr| User authenticated: Name=bcollins MAC=00:1c:b3:bc:77:ff IP=172.16.113.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:41:48 :522008: |authmgr| User authenticated: Name=bchildress MAC=00:1b:63:f0:42:38 IP=172.16.171.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:42:20 :522008: |authmgr| User authenticated: Name=bchildress MAC=00:1b:63:f0:42:38 IP=172.16.65.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:44:58 :522008: |authmgr| User authenticated: Name=rbradshaw MAC=00:14:a4:27:fb:18 IP=192.168.231.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:45:05 :522008: |authmgr| User authenticated: Name=rbradshaw MAC=00:14:a4:27:fb:18 IP=192.168.233.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:46:02 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\apetersen MAC=00:19:7e:66:93:e3 IP=192.168.198.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:46:16 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\apetersen MAC=00:19:7e:66:93:e3 IP=192.168.248.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:50:31 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\mcarr MAC=00:19:7e:30:d7:3e IP=192.168.88.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
Jan 4 09:51:39 :522008: |authmgr| User authenticated: Name=TESTDOMAIN\mcarr MAC=00:19:7e:30:d7:3e IP=192.168.125.1 method=802.1x server=IAS-Radius1 role=testdomain-employee
If you only wanted information on a particular user's MAC address, you would do a 'show log' including ONLY the user's MAC address like so:
show log user all | include 00:1c:b3:bc:77:ff
Happy Holidays!
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
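An added example, not part of the original post and not Aruba code: a Python parser for the 522008 line format shown above, run over constructed sample lines, that groups authentications by MAC address and lists any MAC that authenticated under more than one username. It assumes field values contain no spaces; the sample names, server, roles and the non-matching `000000` message ID are made up.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown in the post (not real log data).
# The ":000000:" line is a made-up non-522008 message that must be skipped.
SAMPLE = r"""
Jan 4 10:01:02 :522008: |authmgr| User authenticated: Name=alice MAC=00:11:22:33:44:55 IP=10.0.0.5 method=802.1x server=radius-a role=employee
Jan 4 10:01:09 :000000: |authmgr| unrelated message Name=alice
Jan 4 10:03:40 :522008: |authmgr| User authenticated: Name=EXAMPLE\alice MAC=00:11:22:33:44:55 IP=10.0.1.9 method=802.1x server=radius-a role=employee
Jan 4 10:07:15 :522008: |authmgr| User authenticated: Name=bob MAC=00:11:22:33:44:55 IP=10.0.1.9 method=802.1x server=radius-a role=guest
Jan 4 10:09:30 :522008: |authmgr| User authenticated: Name=carol MAC=AA:BB:CC:00:00:01 IP=10.0.2.7 method=802.1x server=radius-a role=employee
""".strip().splitlines()

# search() rather than match(): a syslog server usually prepends its own header.
EVENT = re.compile(r"(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+:522008:\s+"
                   r"\|authmgr\|\s+User authenticated:\s+(?P<kv>.*)")
PAIR = re.compile(r"(\w+)=(\S+)")  # assumption: values contain no spaces
FIELDS = ("Name", "MAC", "IP", "method", "server", "role")

def parse_522008(line):
    """Return the event as a dict, or None for any other or incomplete line."""
    m = EVENT.search(line)
    if not m:
        return None
    rec = dict(PAIR.findall(m.group("kv")))
    if not all(f in rec for f in FIELDS):
        return None
    rec["ts"] = m.group("ts")
    rec["MAC"] = rec["MAC"].lower()  # 'include' is a literal text match; normalise case here
    rec["user"] = rec["Name"].rsplit("\\", 1)[-1].lower()  # DOMAIN\user and user compare equal
    return rec

def by_mac(lines):
    """Group parsed events by MAC address, keeping log order."""
    out = defaultdict(list)
    for rec in filter(None, map(parse_522008, lines)):
        out[rec["MAC"]].append(rec)
    return dict(out)

def macs_with_multiple_users(lines):
    """MACs seen with more than one username, worth a manual review."""
    users = {mac: sorted({r["user"] for r in recs}) for mac, recs in by_mac(lines).items()}
    return {mac: names for mac, names in users.items() if len(names) > 1}

if __name__ == "__main__":
    for mac, recs in by_mac(SAMPLE).items():
        for r in recs:
            print(mac, r["ts"], r["user"], r["IP"], r["role"])
    print("review:", macs_with_multiple_users(SAMPLE))
```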
message
08-20-2009 07:26 PM
Collin - is there documentation on these message numbers?
LP
Message Numbers
08-29-2009 09:58 AM
Collin - is there documentation on these message numbers?
LP
Luca,
Technical publications is coming out with a document soon. With the advent of ArubaOS 3.4, I can only imagine the number of new messages that need to be documented. Please stay tuned.