How can I configure my HiveManager to send SYSLOG to my Splunk server?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
  • (Edited)
I have my HM set to act as a SYSLOG server for the AP's now how do I get HM to send its SYSLOG to my Splunk instance?
Photo of Eric Hastings

Eric Hastings

  • 2 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Adam Conway

Adam Conway

  • 101 Posts
  • 55 Reply Likes
Hi Eric,
The APs themselves need to send syslog to the Splunk server. HiveManager cannot forward the syslogs.
Photo of Eric Hastings

Eric Hastings

  • 2 Posts
  • 0 Reply Likes
Can the logs from HM its-self be sent to Splunk at least?
Photo of Adam Conway

Adam Conway

  • 101 Posts
  • 55 Reply Likes
Unfortunately not. I will send you a note off list to discuss your usecase.
Photo of Mohanantass

Mohanantass

  • 45 Posts
  • 0 Reply Likes
how do is set the log output to a syslog server in the AP ?
Photo of Patience

Patience

  • 61 Posts
  • 0 Reply Likes
How can I log the user login/authentication (WPA2 enterprise). I tried facility number 4 and user but could not find any syslog files in tech data? We need this to send log to CopySense.

-
Dhiraj
Photo of Amanda

Amanda

  • 396 Posts
  • 25 Reply Likes
This conversation was worthy of its own thread separate from the original conversation. Please reference the new topic here: How can I log the user login/authentication (WPA2 enterprise)
Photo of Andy Cannarella

Andy Cannarella

  • 31 Posts
  • 0 Reply Likes

I am doing this now but on a trial basis by going into the CLI and adding another line in the conf like below.

logging server 10.X.X.X level notification

The issue I see is when looking in Splunk is the events that are notification and worse show up but in the event it does not indicate which line is notification, warning, error, ect...  Does the logging not send the severity with the log?