Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Aruba Controller Syslog configuration
Overview
One can specify a Syslog server for sending Syslog messages to external servers by using the WebUI or the CLI in Aruba Controller.
Ref. link: Configuring a Syslog Server in the Aruba Controller.
Steps Of Configuration
In the Old WebUI
To configure a Syslog server and Syslog facility levels:
In the Instant main window, click the System link.
2. Click Show advanced options to display the advanced options.
3. Click the Monitoring tab.
4. In the Syslog server text box which is in the Servers section, enter the IP address of the server to which you want to send system logs.
5. Select the required values to configure syslog facility levels. Syslog Facility is an information field associated with a syslog message. It is an application or operating system component that generates a log message. The following seven facilities are supported by Syslog:
>>Ap-Debug—Detailed log about the Instant AP device.
>>Network—Log about the change of network; for example, when a new Instant AP is added to a network.
>>Security—Log about network security; for example, when a client connects using the wrong password.
>>System—Log about configuration and system status.
>>User—Important logs about the client.
>>User-Debug—Detailed logs about client debugging.
>>Wireless—Log about radio.
The following table describes the logging levels in the Syslog drop-down list, in order of severity from the most severe to the least severe.
Table 1:Logging Levels
Logging level Description
>>Emergency:-Panic conditions that occur when the system becomes unusable.
>>Alert-Any condition requiring immediate attention and correction.
>>Critical-Any critical conditions such as a hard drive error.
>>Errors-Error conditions.
>>Warning-Warning messages.
>>Notice-Significant events of a noncritical and normal nature. The default value for all Syslog facilities.
>>Information-Messages of general interest to system users.
Go to Configuration > System.
2.Click Show advanced options.
3. Expand Monitoring.
4.In the Syslog server text box which is in the Servers section, enter the IP address of the server to which you want to send system logs.
5.In the Syslog Facility Levels section, select the required values to configure syslog facility levels. Syslog Facility is an information field associated with a syslog message. It is an application or operating system component that generates a log message. The following seven facilities are supported by Syslog:
>>System—Log about configuration and system status.
>>Ap-Debug—Detailed log about the Instant AP device.
>>User—Important logs about client.
>>Network—Log about change of network; for example, when a new Instant AP is added to a network.
>>User-Debug—Detailed logs about client debugging.
>>Security—Log about network security; for example, when a client connects using wrong password.
>>Wireless—Log about radio.
The following table describes the logging levels in the Syslog drop-down list, in order of severity from the most severe to the least severe.
Table 2-Logging levels
>>Emergency-Panic conditions that occur when the system becomes unusable.
>>Alert-Any condition requiring immediate attention and correction.
>>Critical-Any critical conditions such as a hard drive error.
>>Error-Error conditions.
>>Warning-Warning messages.
>>Notice-Significant events of a noncritical and normal nature. The default value for all Syslog facilities.
>Info-Messages of general interest to system users.
>>Debug-Messages containing information useful for debugging.
6-Click save
In the CLI
>>To configure a syslog server:(Instant AP)(config)# syslog-server <IP-address>
>>To configure syslog facility levels:(Instant AP)(config)# syslog-level <logging-level>[ap-debug |network |security |system |user | user-debug | wireless]
>>To view syslog logging levels:(Instant AP)# show syslog-level
Logging Level
-------------
Facility Level
-------- -----
ap-debug warn
network warn
security warn
system warn
user warn
user-debug warn
wireless error
VERIFICATION OF CONFIGURATION
Verification can be done either from CCE Server or from UI.
Using UI
STEP 1: Log in to UI >> SYSTEM
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .
STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.
Using CCE SERVER
“sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be ran on CCE server to check whether or not we are getting logs .
LVerVogginVvelLogg
Seceon Inc. All rights reserved. https://www.seceon.com