Wireless Access

Reply
Highlighted
Occasional Contributor II

Syslog Sanity Check

I'm looking to update our logging statements to integrate our wireless platform better with our Splunk deployment, but I've run into a frustrating configuration issue. The messages I'm concerned with right now are message id 501199:

User authenticated, mac-[mac:%m], username-[name:%s], IP-[ip:%p], method- [method:%d], role-[role:%s

This is a NOTICE level message according to the 6.4.x Syslog Messages Guide. My logging level for my Splunk collectors are set to INFORMATIONAL, but I do not receive these messages. TAC has told be that I need to set my logging level to debugging in order to receive this message. That method works and I receive the message above with severity level of NOTICE, but with my logging level set to debugging, I end up with a huge amount of additional logs.

 

Am I missing something very obvious here? Every other device that I set up logging for, I choose the severity level in my log server statement and all syslog messages with that severity and worse are then forwarded. Does Aruba have a different method?

Trusted Contributor I

Re: Syslog Sanity Check

your already in contact with TAC, ask them i would say. in principe it works like with other devices in my experience, but haven't worked specially with this message so it might be different.

Occasional Contributor I

Re: Syslog Sanity Check

I had success getting this message when using these settings. 

<501199> <NOTI> <IAP IP address/IAP MAC> User authenticated, mac-[mac:%m], username-[name:%s], IP-[ip:%p], method-[method:%s],role-[role:%s]

Firmware 6.4

syslog notice.PNG

 

Occasional Contributor II

Re: Syslog Sanity Check

Thanks for the response. That confirms that the IAP platform behaves as I expected. Looks like the AOS platform handles logging differently.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: