Log retention

  • 1
  • Question
  • Updated 4 years ago
  • Answered
How is everyone handling mid to long term log retention? When I run reports for instance showing location tracking of a certain MAC address or user credential, the reports can only go back as far as the local storage on the independent APs. The same goes for application visibility logging. I need to have the ability to track a users connection logs for 30+ days, which I am not able to do right now. I sometimes can't even pull data for 2 weeks back.

The speed that the reports take to generate is also very long. I am using HMOL.

How are you handling this?
Photo of Chris Adams

Chris Adams

  • 2 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
First off, where you are having performance issues with HMOL, you should open a support case to see what can be done.

You could also ask about data retention concerns via another case.

I only use HMOL for configuration changes, troubleshooting and oversight purposes, so have sidestepped this.

For retention purposes, I use an external NPS-based RADIUS infrastructure that is logged and can be queried.

That RADIUS infrastructure is then integrated with PaloAlto firewalls via a Single-Sign-On (SSO) process. It also then performs logging for clients as they use the Internet.

How are you authenticating your users? Only if clients are 802.1X authenticated will you get accounting information. Unfortunately, as odd as it might sound, RADIUS accounting for PSK/PPSK users is not yet performed by HiveOS.
Photo of Chris Adams

Chris Adams

  • 2 Posts
  • 0 Reply Likes
I have a mixture of 802.1x and open networks. Hopefully I will be purely 802.1x in the near future.I am authenticating 802.1x against a NPS server which does have good logging with event viewer.

While the NPS logging does help, I do like the troubleshooting information like client performance, etc in the reports which NPS cannot log.