Wireless Access

I cannot get user authentication information to go to my syslog server so Palo alto can parse the logs for the username/IP.  I've tried multiple settings for the controller for logging.  Under what category/subcategory do I use to get the information?  What logging level? 

current effort:

User category / dot1x & radius subcategory with logging level informational for both.

Under the logging servers area, I have category User with severity informational.

Any help will be greatly appreciated.

Try this:  http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-logging-authentication-events/m-p/5328/highlight/true#M220

Hi Colin,

Do you have the syslog export filter from the controller on how you got those specific message only.  I'm interested in passing username to ip mappings to palo.  Unfortunately I am still running AOS 6.3.1.13 so I do not have the 6.4 integration.  

Thanks,

Alfredo

You would do this:

config t
logging level notifications user process authmgr 
logging <ip address of PAN devices>

 To be clear, I have not tried to see if the output works on PAN with this method.

You can see the output by typing "show log user 50"

Thanks for the help Colin!  Worked like a charm.  I had the controllers pass the syslog messages over to our main syslog server and then trigger forward only the required entries with prper usernames.  We've have one heck of a battle trying to pass uid's correctly from cppm to palo.  The xml api didnt work as well as we thought for our environment.  This method I must say is probably the cleanest implementation to pass uid's over to the pan agent.  Thanks again!