Aruba Wireless is a secure, high-performance, multi-user wireless LAN supporting Wi-Fi 6. As workplaces and user expectations change, users can now maintain hybrid workplaces and IoT without compromising performance, reliability, or security.
- Syslog forwarding uses port 11535, so ensure that port 11535 is allowed between the controller and the Forwarder IP. The source IP address of syslog messages is the IP address of the interface where the packet exits the controller. Multiple syslog servers can be defined; in that case, a copy of each syslog message is sent to every server.
Configuring Syslog on Aruba Wireless Controller to forward events
To configure a Syslog server and Syslog facility levels:
- To configure using the UI, follow the procedure below for the old or new UI.
1. Open the Monitoring tab:
  - Old UI
    - In the Instant main window, click the System link.
    - Click Show advanced options to display the advanced options.
    - Click the Monitoring tab. The Monitoring tab details are displayed.
  - New UI
    - Go to Configuration > System.
    - Click Show advanced options.
    - Expand the Monitoring tab. The Monitoring tab details are displayed.
2. In the Syslog server text box in the Servers section, enter the Forwarder IP address, which is the server to which you want to send system logs.
3. Select the required values to configure syslog facility levels. The syslog facility is an information field associated with a syslog message. It identifies the application or operating system component that generated the log message. The following seven facilities are supported by Syslog:
- AP-Debug — Detailed log about the AP device.
- Network — Log about changes to the network, for example, when a new IAP is added to a network.
- Security — Log about network security, for example, when a client connects using a wrong password.
- System — Log about configuration and system status.
- User — Important logs about the client.
- User-Debug — Detailed log about the client.
- Wireless — Log about radio.
4. Click OK.
- To send syslogs to an external server using the CLI, first enter 'config' mode:
(Instant AP)# configure terminal
- To configure a syslog server (use the Forwarder IP address):
(Instant AP)(config)# syslog-server <IP-address>
- To configure syslog facility levels:
(Instant AP)(config)# syslog-level <logging-level> [ap-debug | network | security | system | user | user-debug | wireless]
- To view syslog logging levels:
(Instant AP)# show syslog-level
- Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The results show the log source types that are being ingested into Chronicle. The accompanying screenshot shows this for reference.
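Before searching in Chronicle, it helps to confirm on the receiving side that messages arrive on port 11535 from the expected source IP (the controller's exit interface, as noted at the top of this page). The following Python code is an added example, not part of the original page or of any Aruba or Chronicle tooling. It assumes UDP transport and a free port on the host where `capture` runs (a test host, or the Forwarder with its listener stopped), and its sample datagrams are constructed.

```python
import re
import socket
from collections import Counter

SYSLOG_PORT = 11535  # port this page says must be open to the Forwarder
SEVERITIES = "emergency alert critical error warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(payload):
    """Return (facility_code, severity_name) from the leading <PRI>, else None."""
    m = PRI_RE.match(payload)
    pri = int(m.group(1)) if m else 192  # 192 is just past the valid 0..191 range
    return (pri >> 3, SEVERITIES[pri & 7]) if pri <= 191 else None

def summarize(datagrams, expected_sources):
    """Tally severities per sender; record unexpected senders and bad payloads."""
    out = {"by_source": {}, "unexpected": set(), "malformed": 0}
    for src_ip, payload in datagrams:
        decoded = decode_pri(payload)
        if decoded is None:
            out["malformed"] += 1
            continue
        if src_ip not in expected_sources:
            out["unexpected"].add(src_ip)  # e.g. a different exit interface
        out["by_source"].setdefault(src_ip, Counter())[decoded[1]] += 1
    return out

def capture(count, bind_ip="0.0.0.0", timeout=30.0):
    """Collect up to `count` UDP datagrams (assumed transport) on SYSLOG_PORT."""
    got = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, SYSLOG_PORT))
        s.settimeout(timeout)
        try:
            while len(got) < count:
                payload, addr = s.recvfrom(8192)
                got.append((addr[0], payload))
        except socket.timeout:
            pass  # return whatever arrived before the timeout
    return got

# Constructed sample: documentation addresses, not real Aruba output.
SAMPLE = [
    ("192.0.2.10", b"<134>Jan  1 00:00:00 ap-01 constructed message"),
    ("198.51.100.7", b"<14>Jan  1 00:00:01 host constructed message"),
    ("192.0.2.10", b"payload without a PRI header"),
]
if __name__ == "__main__":
    print(summarize(SAMPLE, expected_sources={"192.0.2.10"}))
```

On a live check, replace `SAMPLE` with `capture(20)` and pass the controller's exit-interface IP as `expected_sources`; an entry under `unexpected` usually means the messages leave the controller through a different interface than the one allowed in the firewall rule.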