on 6.1.3.2
We used to get log messages indicating user authentication success/failure from our controllers. At some point in the past this stopped, and I need to figure out how to restart it. I figured it would be easy, but the Aruba manual entry on logging is singularly unhelpful in telling you what gets logged inside what category.
I know the messages used to come with the "authmgr" tag on them and I found this COD from 2010
COD for logging auths
However I have not been able to get logging configured so that a "show log user 100" shows me users authenticating. Lots of messages sure, but not the ones I need.
# show logging level verbose
LOGGING LEVELS
--------------
Facility Level Sub Category Process
-------- ----- ------------ -------
network warnings N/A N/A
security warnings N/A N/A
security debugging N/A authmgr
system warnings N/A N/A
user warnings N/A N/A
wireless warnings N/A N/A
This config doesn't appear to work. I'm checking first on the controller, not just on the syslog server.
The messages I want used to look like this :
Oct 8 06:34:48 example.com 2010 [128.143.222.18] authmgr[1742]: <522008> |authmgr| User authenticated: Name=zzzzz MAC=00:00:00:00:00:00 IP=x.x.x.x method=802.1x server=radius-server role=defintely-authenticated
Anyone else have user auth logging set up and want to share their logging statements, or does this work for everyone else and I need to open a TAC case to investigate....
Thanks
Jeff