Wireless Access

Reply
Highlighted
Occasional Contributor II

Log msgs didn't arrive to configured syslog server, if format is bsd-standard

Hi!

 

I have an MM-MD environment running AOS 8.3, I configured logging to remote syslog server based on the guide.

 

Subnet is enabled on syslog server, and tcp dump is enabled on the appropriate interface of syslog server, but nothing is arrive from MDs subnet, if the format is bsd-standard.

 

However, if I change the format to cef on MDs, log messages immediately arrive to server.

 

I need for bsd-standard format for logging, why is not working?

 

Thanks!

 

 

Guru Elite

Re: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

What kind of syslog server is this?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

syslog-ng

 

It works with other devices. (switches, asa, watchguard etc.)

Guru Elite

Re: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

Syslog is typically UDP 514.  Is that what port syslog-ng is listening on?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

Of course.

 

But I said, tcpdump is enabled on the interface, so every packet is visible, what arrives. (If I start a ping from MD to syslog-ng, it arrives, and seems in tcpdump.)

 

If I change the format to cef, it works immediately. If I change it back to bsd-standard, it stops immediately.

Guru Elite

Re: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

All right.

What version of ArubaOS is this?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Guru Elite

Re: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

So I just tried this on ArubaOS 8.3.0.2 and I am receiving syslog input on a generic syslog server.  If I MDC into the MD these are my settings:

 

 

(aruba7005) [MDC] #show logging server

Remote Server: 192.168.1.210

FACILITY MAPPING TABLE
----------------------
local-facility severity remote-facility CEF Format BSD RFC 3164 Compliance source-interface
-------------- -------- --------------- ---------- ----------------------- ----------------
All All local1 Disabled Enabled Disabled

I did nothing besides change the logging level to debug to ensure that it was verbose enough to receive traffic.

 

 

I also did "show datapath session table 192.168.1.210" to that server to ensure that the MD is sending traffic over port 514 to the syslog server:

(aruba7005) [MDC] #show datapath session table 192.168.1.210 | include 514
192.168.1.3     192.168.1.210   17   514   514    1/4126  0    0   0   local       10   49         8677       FC              6
192.168.1.210   192.168.1.3     17   514   514    0/0     0    0   1   local       10   0          0          FY              6

Did you try another syslog server?  Is there a firewall between the controller and the syslog server?

 

 

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: