Hi
We are trying to configure an Aruba Controller with an IBM QRadar syslog server and are not able to suppress AP logs to the IBM QRadar syslog server.
We need logs from the Mobility Controller only, not from all APs.
Config at WLC (Aruba Controller):
voice logging
logging 192.168.X.X type network severity informational facility local7
logging 192.168.X.X type security severity informational facility local7
logging 192.168.X.X type system severity informational facility local7
AP logs received at IBM QRadar (syslog server):
<190>Apr 18 04:08:07 2016 172.21.11.58 stm[6795]: trace_on: tracing to "/var/log/trace/stm.log" started |
<190>Apr 18 04:01:39 2016 172.21.11.58 stm[6795]: trace_rotate_file: rotating /var/log/trace/stm.log |
<188>Apr 17 23:23:07 2016 172.21.11.36 sapd[4871]: <404068> <WARN> |AP MXXoom@172.X.X.X sapd| AM 94:b4:0f:84:a9:a0: ARM Noise Threshold Trigger Current Channel 6 new_rra 11/6 |
Device Stopped Sending Events (Firewall, IPS, VPN or Switch) |