Wireless Access


Logging user authentication success/failure

  • 1.  Logging user authentication success/failure

    Posted Sep 28, 2012 09:45 AM

     

    on 6.1.3.2

     

    We used to get log messages indicating user authentication success/failure from our controllers.  At some point in the past this stopped, and I need to figure out how to restart it.  I figured it would be easy, but the Aruba manual entry on logging is singularly unhelpful in telling you what gets logged inside what category.

     

    I know the messages used to come with the "authmgr" tag on them and I found this COD from 2010

     

    COD for logging auths

     

    However I have not been able to get logging configured so that a "show log user 100" shows me users authenticating.  Lots of messages sure, but not the ones I need.

     

    # show logging level verbose
    
    LOGGING LEVELS
    --------------
    Facility  Level      Sub Category  Process
    --------  -----      ------------  -------
    network   warnings   N/A           N/A
    security  warnings   N/A           N/A
    security  debugging  N/A           authmgr
    system    warnings   N/A           N/A
    user      warnings   N/A           N/A
    wireless  warnings   N/A           N/A

     

    This config doesn't appear to work.  I'm checking first on the controller, not just on the syslog server.

     

    The messages I want used to look like this :

     

    Oct 8 06:34:48 example.com 2010 [128.143.222.18] authmgr[1742]: <522008> |authmgr| User authenticated: Name=zzzzz MAC=00:00:00:00:00:00 IP=x.x.x.x method=802.1x server=radius-server role=defintely-authenticated

     

    Anyone else have user auth logging set up and want to share their logging statements, or does this work for everyone else and I need to open a TAC case to investigate....

     

    Thanks

    Jeff

     

     



  • 2.  RE: Logging user authentication success/failure

    EMPLOYEE
    Posted Sep 28, 2012 10:03 AM

    Try this:

     

    (you want show log security 50)

     

    (host) #show logging level verbose 
    
    LOGGING LEVELS
    --------------
    Facility  Level     Sub Category  Process
    --------  -----     ------------  -------
    network   warnings  N/A           N/A
    security  warnings  N/A           N/A
    system    warnings  N/A           N/A
    user      warnings  N/A           N/A
    wireless  warnings  N/A           N/A
    
    (host) #configure t
    Enter Configuration commands, one per line. End with CNTL/Z
    
    (host) (config) #logging level debugging security process authmgr 
    (host) (config) #exit
    (host) #show log security 50
    

     



  • 3.  RE: Logging user authentication success/failure

    Posted Sep 28, 2012 11:10 AM

    Thanks

     

    Yes that gives me the logs for authmgr.  Apparently somewhere in the 6.x upgrade from 5.x, the logging messages changed because even setting the severity to DEBUG doesn't produce the "User Authenticated" messages we saw previously.

     

    I found something sort of similar at the INFO level, but the verbosity of the logs on a busy controller at INFO is voluminous.  450+ messages/minute.  

     

    It's too bad because we had support staff trained to look in log dumps for those messages to help diagnose problems.
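
An added example, not part of the thread and not Aruba code: a filter that pulls only the "User authenticated" records out of a noisy syslog dump so support staff do not have to read it by eye. It assumes the line layout and message ID 522008 from the sample in the first post (the third post reports that 6.x no longer emits it, so the pattern would need adjusting there); the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Layout copied from the sample line in the first post:
# <time> <host> <year> [<ip>] authmgr[<pid>]: <522008> |authmgr| User authenticated: k=v ...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<year>\d{4}) "
    r"\[(?P<src>[^\]]+)\] authmgr\[\d+\]: <(?P<msgid>\d+)> \|authmgr\| "
    r"(?P<text>[^:]+): (?P<kv>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
AUTH_MSGID = "522008"  # the only message ID that appears in the thread

# Constructed sample input (not real logs); <000000> is a placeholder ID for noise.
SAMPLE = """\
Oct 8 06:34:48 example.com 2010 [192.0.2.10] authmgr[1742]: <522008> |authmgr| User authenticated: Name=alice MAC=02:00:00:00:00:01 IP=198.51.100.7 method=802.1x server=radius-server role=staff
Oct 8 06:34:49 example.com 2010 [192.0.2.10] authmgr[1742]: <000000> |authmgr| constructed noise: station=02:00:00:00:00:02
Oct 8 06:35:02 example.com 2010 [192.0.2.10] authmgr[1742]: <522008> |authmgr| User authenticated: Name=bob MAC=02:00:00:00:00:03 IP=198.51.100.8 method=802.1x server=radius-server role=guest
Oct 8 06:35:10 example.com 2010 [192.0.2.10] authmgr[1742]: <522008> |authmgr| User authenticated: Name=alice MAC=02:00:00:00:00:01 IP=198.51.100.7 method=802.1x server=radius-server role=staff
truncated line without the expected layout
""".splitlines()


def parse_auth_events(lines):
    """Return one dict per 'User authenticated' line; skip everything else."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("msgid") != AUTH_MSGID:
            continue
        pairs = KV_RE.findall(m.group("kv"))
        event = dict(pairs)
        # A repeated key means the values cannot be trusted as parsed.
        event["ambiguous"] = len(pairs) != len(event)
        event["when"] = f"{m.group('year')} {m.group('ts')}"
        event["controller"] = m.group("src")
        events.append(event)
    return events


def logins_per_user(events):
    """Count successful authentications per user name."""
    return Counter(e["Name"] for e in events if "Name" in e)


if __name__ == "__main__":
    for e in parse_auth_events(SAMPLE):
        print(e["when"], e["Name"], e["MAC"], e["role"], e["controller"])
    print(logins_per_user(parse_auth_events(SAMPLE)))
```

Matching on the message ID rather than the free text keeps the filter stable if the wording around it shifts, and the `ambiguous` flag marks records where a key appears twice so they get a manual look.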