Find the access point a client was last connected 21 days ago + logs retention

  • 1
  • Question
  • Updated 1 year ago
Experts,

I am dealing with problem of finding a client (last known IP, MAC) and need to know to which AP was last connected (about 21 days ago). Also, I am trying to find the setting which allow me to extend the time so we can keep such logs for a month in terms of retention. 

Thank You, 
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes

Posted 1 year ago

  • 1
Photo of Gary Smith

Gary Smith, Official Rep

  • 299 Posts
  • 61 Reply Likes
Hi,

The likelyhood is that the logs wont go back that far unless default settings have already been changed.


For HM on-premise - The report settings should allow you to make the change to the defaults;



From the Help Guide;
"You can change the maximum number of reports stored in the database for all of your configured devices. Administering a large number of configured devices with many clients can cause searches through multiple historical records to be time consuming. By reducing the maximum number of searchable records, you can reduce the time it takes to complete your searches. Alternatively, if searching through a more complete set of records is more important to you than the time it takes to complete the search, you can increase the maximum number of searchable records. You can customize your reports to cover a wide spectrum of time and application usage, or narrow down the scope if you are interested in tracking very specific time periods and usage types." 

Kind Regards,
Gary Smith
(Edited)
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Thank Gary, This is very useful information. The only question is when I change that setting to double or triple how's that affects performance? 

I cannot find maximum time client stats data will be saved.
(Edited)
Photo of Gary Smith

Gary Smith, Official Rep

  • 299 Posts
  • 61 Reply Likes
What HM platform are you using? The settings that I mentioned are only visible to the super user. So therefore, not available on HMOL as a HMOL would be a VHM user and not an "All VHMs" user.

With regards to how much increasing the reporting will affect performance - I'm afraid I couldn't really say Reporting is happening all the time I guess the issue here would be data retention - assuming enough disk space. It would be based on home many AP's and clients are active on the HM.

Kind Regards,
Gary Smith
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
Unfortunately this is a draw back within both the Hivemanager 6 and NG platforms. The amount of data retained for reporting is dependant on the size of your deployment, number of APs, authentication methods etc. as the larger it is, the more data it will collect. I remember a time before implementation of 802.1x among other changes where I would be able to get about 30 days using the standard reporting settings...these days I'm lucky if I get a week. 

This issue could have been and hopefully will be addressed in NG as the architecture is now better equipped for dealing with large amounts of data. However the reporting functions currently included within NG don't meet our organisational requirements.
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Thank You Luke and Gary, I use HM 6.8 virtual appliance. The storage assigned to it is 500GB; I wonder if there any way to move the logs out of another storage using daily cron or some rot of that. 
(Edited)
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
There is always the option to export data logged by APs into an external syslog solution. This is often the recommendation made by Aerohive themselves. There are free options available such as Kiwi and Splunk which I have tried but I ended up settling on PRTG which we are currently using for other elements of network monitoring. Be aware that this will pull a lot of data and will require some fine tuning to produce useful reports.