Code : ArubaOS 6.3 and above
Enable per-user log files for AAA events.
By default, logging is always enabled. Issue the no aaa log command to disable per-user logging and reenable it again using the command aaa log. The 7200 Series controllerssupport 1KB of log files per user for up to 32,000 users, and 6000and 3600 controllers support 1KB of log files per user for up to 16,000 users.
Example
The example below enables per-user AAA log files.
(host)(config) #aaa log
This feature is actually enables per user auth-tracebuf .In scale environment when you want to collect auth-tracebuf for particular user, before 6.3 one has to setup user-debug for that particular user/MAC. Now with this auth-enhancement, once you have per-user log enabled.
Since these are huge files, it not present in the archive. These are in memory and We have show commands to show the logs. When you dump the core for AUTH, we will get the logs from core.You can dump user-log information with following command.
Show per-user Log
show user-table mac <mac-address> log
show user-table ip <ip-address> log
show ipv6 user-table ip <ipv6-address> log
Show global log
Show aaa state log
Show aaa state log info
Enable/Disable
[no] aaa log
show aaa state configuration
Display per-user Buffer
Dump per-user buffer in Chronological order
Command: “show user-table mac <mac> log”
Display Global Buffer
Dump global buffer in Chronological order
May have entries with “| <addr>” which indicates the user for which it is logged (user_t may not be available at the time of logging).
Command: “show aaa state log“
One Command to show meta-data for all global and per-user logs:
“show aaa state log info“
[L] or [E] signifies if the log is Log (L) or Error (E)
(Aruba) #show user-table mac 50:a4:c8:bd:be:41 log
1: At Thu Apr 11 10:43:50: [L] Type station-up * id 0 len 0, bssid 6c:f3:7f:5f:2c:a0
2: At Thu Apr 11 10:43:50: [L] Type station-data-ready * id 10 len 0, bssid 00:00:00:00:00:00
3: At Thu Apr 11 10:43:50: [L] Type station-data-ready_req * id 0 len 0, bssid 00:00:00:00:00:00
4: At Thu Apr 11 10:43:50: [L] Type client-finish -> id 0 len 0, bssid 6c:f3:7f:5f:2c:a0
5: At Thu Apr 11 10:43:50: [L] Type server-finish <- id 0 len 61, bssid 6c:f3:7f:5f:2c:a0
6: At Thu Apr 11 10:43:50: [L] Type server-finish-ack -> id 0 len 0, bssid 6c:f3:7f:5f:2c:a0
(Aruba) #show aaa state log
1: At Thu Apr 11 10:41:27: [L] Type cert-downloaded * id 0 len 0, bssid 00:00:00:00:00:00 | mac: 00:00:00:00:00:00
2: At Thu Apr 11 10:43:17: [L] Type ap-up * id 0 len 0, bssid 6c:f3:7f:5f:2c:b0 | mac: 00:00:00:00:00:00
3: At Thu Apr 11 10:43:17: [L] Type ap-up * id 0 len 0, bssid 6c:f3:7f:5f:2c:a0 | mac: 00:00:00:00:00:00
4: At Thu Apr 11 10:43:50: [L] Type station-term-start * id 10 len 0, bssid 6c:f3:7f:5f:2c:a0 | mac: 50:a4:c8:bd:be:41
5: At Thu Apr 11 10:43:50: [L] Type station-data-ready_ack * id 10 len 0, bssid 00:00:00:00:00:00 | mac: 50:a4:c8:bd:be:41
6: At Thu Apr 11 10:43:50: [L] Type station-data-ready_ack * id 10 len 0, bssid 00:00:00:00:00:00 | mac: 50:a4:c8:bd:be:41
7: At Thu Apr 11 10:49:11: [L] Type station-term-start * id 10 len 0, bssid 6c:f3:7f:5f:2c:a0 | mac: 50:a4:c8:bd:be:41
(Aruba) (config) #show aaa state configuration
Authentication State
.....
.....
Idled users = 0
fast age = Disabled
per-user log = Enabled
Bandwith contracts = 0/0
IP takeovers = 0
Ping/SYN/Sess/CP attacks = 0/0/0/0
Command Information:-
Platforms supported:- 6000, 3600 and 7200 Series controllers
Licensing :- Base operating system
Command Mode :- Enable or Config mode on master or local controllers