Contributor II

AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

One syslog question at the end of POST......

 

Current 8320 logging and debug settings:

logging 10.10.10.55
logging facility local6

-----

HPE-AOSCX8320# show debug

------------------------------------------------------------------------------------------
module     sub_module      severity  vlan  port  ip    mac   instance vrf
------------------------------------------------------------------------------------------
acl        acl_log         debug     ----- ----- ----- ----- -----    -----


HPE-AOSCX8320# show debug dest

---------------------------------------------------------------------

show debug destination

---------------------------------------------------------------------

SYSLOG:debug

 

===

HPE-AOSCX8320# show deb buf | incl "VLAN-111-ACL" | incl "1/1/48"

 

2019-10-04:04:51:52.827703|ops-switchd|LOG_INFO|AMM|-|ACL|ACL_LOG|List VLAN-111-ACL, seq# 999 denied udp 10.111.100.222(67)..............

 

>>> above is an excerpt of the debug buffer output that I expected to be sent to the syslog server <<<

------------------------------------------------------------------------

 

QUESTION:

What am I missing???  No DEBUG 8320 messages are being received by the SYSLOG (10.10.10.55) server.  Yes, I can ping the syslog server from the 8320 and many other hosts are successfully sending messages to the syslog (10.10.10.55) server.

 

Thanks in advance.

MVP Expert

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

What is the configuration of the ACL?

Is the log enabled?



Contributor II

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

Hence my question, what am I missing????

 

I believe the LOGGING is enabled via:

 

logging 10.10.10.55
logging facility local6

debug destination syslog

debug acl log

 

SAMPLE ACL:

163 deny any 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 log count

 

where the hit count is over 800 but there are no syslog messages; only the debug BUFFER is reflecting the ACL messages, similar to:

2019-10-04:09:06:35.707513|ops-switchd|LOG_INFO|AMM|-|ACL|ACL_LOG|List ACLv4-VLAN-222-IN, seq# 163 denied udp 0.0.0.0(68) -> 255.255.255.255(67)

 

Thank you.
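
Added example, not part of any post in this thread: a parser for the debug-buffer ACL_LOG lines quoted above, useful for counting hits per ACL entry and for knowing which syslog PRI value to look for on the collector. The field names, and the assumption that the switch forwards with the syslog severity matching the buffer level under facility local6, are choices made for this example.

```python
import re
from collections import Counter

# Names for the pipe-delimited fields are assumptions made for this example.
FIELDS = ("timestamp", "daemon", "level", "f4", "f5", "module", "submodule", "message")
# Message body as quoted in the thread; the "-> dst(port)" part is optional
# because one quoted line is cut off after the source.
MSG_RE = re.compile(
    r"List (?P<acl>\S+), seq# (?P<seq>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)(?: -> (?P<dst>[\d.]+)\((?P<dport>\d+)\))?"
)
SEVERITY = {"info": 6, "debug": 7}  # standard syslog severity codes
LOCAL6 = 22                         # standard syslog facility code for local6

def parse_acl_log(line):
    """Return a dict for an ACL_LOG buffer line, or None for anything else."""
    parts = line.strip().split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    m = MSG_RE.match(rec["message"]) if rec["submodule"] == "ACL_LOG" else None
    if m is None:
        return None
    rec.update(m.groupdict(), seq=int(m.group("seq")))
    return rec

def expected_pri(level, facility=LOCAL6):
    """PRI (facility * 8 + severity) the collector would see inside <...>."""
    return facility * 8 + SEVERITY[level.lower().replace("log_", "")]

def summarize(lines):
    """Count parsed hits per (ACL name, sequence number)."""
    recs = filter(None, map(parse_acl_log, lines))
    return Counter((r["acl"], r["seq"]) for r in recs)

SAMPLE = [
    # First two lines are the ones quoted in the thread (the second is truncated there).
    "2019-10-04:09:06:35.707513|ops-switchd|LOG_INFO|AMM|-|ACL|ACL_LOG|"
    "List ACLv4-VLAN-222-IN, seq# 163 denied udp 0.0.0.0(68) -> 255.255.255.255(67)",
    "2019-10-04:04:51:52.827703|ops-switchd|LOG_INFO|AMM|-|ACL|ACL_LOG|"
    "List VLAN-111-ACL, seq# 999 denied udp 10.111.100.222(67)..............",
    # Constructed non-ACL line to show that unrelated entries are skipped.
    "2019-10-04:09:06:36.000001|ops-switchd|LOG_INFO|AMM|-|PORT|PORT_EVENT|constructed line",
]

if __name__ == "__main__":
    for key, hits in summarize(SAMPLE).items():
        print(key, hits, "expect PRI", expected_pri("LOG_INFO"))
```
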

MVP Expert

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???


@aoscx-noob wrote: I believe the LOGGING is enabled via:

 

logging 10.10.10.55
logging facility local6

debug destination syslog

debug acl log


Shouldn't syslog forwarding to a remote syslog server instead be enabled through the logging remote-syslog-server-ip-address severity debug command on ArubaOS-CX?

 

Eventually you are permitted to also specify the VRF that should be used to reach the remote syslog server.

 

Contributor II

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

Thank you parnassus.

Will try the "logging remote-syslog-server-ip-address severity debug" and report back as a post.

Contributor II

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

No syslog messages were generated using:

 

  • Shouldn't syslog forwarding to a remote syslog server instead be enabled through the logging remote-syslog-server-ip-address severity debug command on ArubaOS-CX?

I am beginning to believe there is an AOS-CX 10.03 "logging" bug.

MVP Expert

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

Is your remote syslog server available via mgmt vrf or what?

Contributor II

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

 

>>>> Is your remote syslog server available via mgmt vrf or what?

 

Assuming I understand your question:

 

Our syslog server is part of our standard server VLAN (subnet). I can ping the syslog server from the 8320. The whole 8320 uses the default VRF.

MVP Expert

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

Ask the TAC... (or wait for Vincent Giles!)



Contributor II

Re: AOS-CX (10.03+) 8320: Missing ACL SYSLOG messages ???

IN REVIEW:

 

I accepted alagoutte's total post interaction mainly because he was willing to dialogue about LOGGING. The interaction helped me think, look at the problem uniquely thanks to alagoutte, and prove my original LOGGING understanding was correct but that AOS-CX (10.03.0031) is buggy.

 

Steps for my work-around:

1. debug acl log sev info

2. waited 12 hours

3. debug acl log sev debug

4. waited 12 hours

5. debug acl log sev info

 

NOTE:  waiting 12 hours was not planned nor is it necessarily part of the work-around....the WAIT is what happened due to "life happening."

 

BOTTOM LINE: ACL LOG messages are now being sent to our SYSLOG.

 

POST UPDATED (201910081339 CT) I upgraded the 8320 to ArubaOS-CX 10.03.0040 and did not need the previously mentioned "work-around" steps.

 
