Wireless Access

last person joined: 16 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Log msgs didn't arrive to configured syslog server, if format is bsd-standard

This thread has been viewed 3 times

  • 1.  Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    Posted Aug 23, 2018 05:19 AM

    Hi!

     

    I have an MM-MD environment running AOS 8.3, I configured logging to remote syslog server based on the guide.

     

    Subnet is enabled on syslog server, and tcp dump is enabled on the appropriate interface of syslog server, but nothing is arrive from MDs subnet, if the format is bsd-standard.

     

    However, if I change the format to cef on MDs, log messages immediately arrive to server.

     

    I need for bsd-standard format for logging, why is not working?

     

    Thanks!

     

     



  • 2.  RE: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    EMPLOYEE
    Posted Aug 23, 2018 05:28 AM

    What kind of syslog server is this?



  • 3.  RE: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    Posted Aug 23, 2018 09:24 AM

    syslog-ng

     

    It works with other devices. (switches, asa, watchguard etc.)



  • 4.  RE: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    EMPLOYEE
    Posted Aug 23, 2018 01:45 PM

    Syslog is typically UDP 514.  Is that what port syslog-ng is listening on?



  • 5.  RE: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    Posted Aug 23, 2018 06:25 PM

    Of course.

     

    But I said, tcpdump is enabled on the interface, so every packet is visible, what arrives. (If I start a ping from MD to syslog-ng, it arrives, and seems in tcpdump.)

     

    If I change the format to cef, it works immediately. If I change it back to bsd-standard, it stops immediately.



  • 6.  RE: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    EMPLOYEE
    Posted Aug 23, 2018 06:55 PM
    All right.

    What version of ArubaOS is this?



  • 7.  RE: Log msgs didn't arrive to configured syslog server, if format is bsd-standard

    EMPLOYEE
    Posted Aug 23, 2018 07:23 PM

    So I just tried this on ArubaOS 8.3.0.2 and I am receiving syslog input on a generic syslog server.  If I MDC into the MD these are my settings:

     

     

    (aruba7005) [MDC] #show logging server

    Remote Server: 192.168.1.210

    FACILITY MAPPING TABLE
    ----------------------
    local-facility severity remote-facility CEF Format BSD RFC 3164 Compliance source-interface
    -------------- -------- --------------- ---------- ----------------------- ----------------
    All All local1 Disabled Enabled Disabled

    I did nothing besides change the logging level to debug to ensure that it was verbose enough to receive traffic.

     

     

    I also did "show datapath session table 192.168.1.210" to that server to ensure that the MD is sending traffic over port 514 to the syslog server:

    (aruba7005) [MDC] #show datapath session table 192.168.1.210 | include 514
192.168.1.3     192.168.1.210   17   514   514    1/4126  0    0   0   local       10   49         8677       FC              6
192.168.1.210   192.168.1.3     17   514   514    0/0     0    0   1   local       10   0          0          FY              6

    Did you try another syslog server?  Is there a firewall between the controller and the syslog server?