Why aren't we seeing any syslog messages from our APs?

  • Updated 5 months ago
We're running a small trial of AP550s, AP250s and a single AP150. We're running on current NG 11.28 and a mix of HiveOS 8.1r1, 8.1r2 and 8.1r2a.

I've configured syslog servers, set them to info and then debug, but the only messages coming through seem to be the same as the output of a "sh log messages" from the CLI of an AP, which is basically showing nothing of much use.

apname#sh log messages
<181>1 2017-12-06T10:05:30.009996+00:00 aerohive -ah_cli_ui: [security-5--ah_cli_ui-#104004]Admin "<admin>" successfully logged in
<133>1 2017-12-06T07:22:26.298185+00:00 aerohive ah_top: [system-5-ah_top-#106001]System is initialized

This can't possibly be all that we should be logging? I'd expect to be seeing reams of information constantly hitting the syslog servers. What am I missing?
Paul Smith

Posted 8 months ago
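
Added example, not part of the original posts and not Aerohive code: decoding the PRI value of the two lines pasted in the question shows that both are severity 5 (notice), on facilities local6 and local0, which is a quick way to check what a collector is actually receiving. The header and bracket layouts in the regexes are inferred from those two samples only and are an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# The two lines pasted in the question, copied verbatim from the post.
SAMPLE = [
    '<181>1 2017-12-06T10:05:30.009996+00:00 aerohive -ah_cli_ui: '
    '[security-5--ah_cli_ui-#104004]Admin "<admin>" successfully logged in',
    '<133>1 2017-12-06T07:22:26.298185+00:00 aerohive ah_top: '
    '[system-5-ah_top-#106001]System is initialized',
]

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Layout inferred from the two samples above (an assumption, not vendor documentation).
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) (?P<tag>\S+): (?P<body>.*)$")
VENDOR = re.compile(
    r"^\[(?P<category>\w+)-(?P<level>\d)-(?P<proc>[\w-]+?)-#(?P<msg_id>\d+)\](?P<text>.*)$")


def parse_line(line):
    """Return a dict for one line, or None if it does not match the inferred layout."""
    m = HEADER.match(line.strip())
    if not m or int(m["pri"]) > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    rec = {
        "facility": f"local{facility - 16}" if facility >= 16 else f"facility{facility}",
        "severity": SEVERITIES[severity],
        "time": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "tag": m["tag"],
        "text": m["body"],
    }
    v = VENDOR.match(m["body"])
    if v:  # bracketed vendor prefix: category-level-process-#id
        rec.update(category=v["category"], msg_id=v["msg_id"], text=v["text"],
                   level_matches_pri=int(v["level"]) == severity)
    return rec


def summarize(lines):
    """Count lines by (facility, severity); lines that do not parse count under None."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        counts[(rec["facility"], rec["severity"]) if rec else None] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
```

Run over a capture from the syslog server, `summarize` gives a per-facility, per-severity count that can be compared between firmware versions.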

Nick Lowe, Official Rep

Hi Paul,

There is a redesign of Syslog in progress that started with HiveOS 8.1r1. You should see far more Syslog data with HiveOS 8.2r1 when this becomes available.

Thanks,

Nick

Paul Smith

Thanks for getting back to me, Nick. Do we have an ETA on that? It's a pretty major feature to be missing whilst we're evaluating different vendors.

Nick Lowe, Official Rep

Hi Paul,

Can you send me an email at nlowe {at} aerohive.com so that I can reply to you with additional information?

Thanks,

Nick

Edward Marshall

Hello,

Having the same issue now with 8.2.r1. Do you know if this was fixed? If I downgrade the APs to version 6.5r6 or 6.5.r8b, the INFO syslog messages are much more detailed and include the IP Address and Username of users during the authentication process. We use this for user identification for our firewall, so it is crucial for us.

I have Wireshark captures from both firmware versions if someone wants to have a look.

Kind regards,

Edward

Nick Lowe, Official Rep

Hi Edward.

For Palo Alto integration with NPS, can I suggest you look at this method of integration, which does not use Syslog:

https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://github.com/cesanetwan/uid-radius-script-ps/wiki

This will not work, however, where HiveOS is acting as the RADIUS server or a different third-party RADIUS server is used.

(It is often better to use NPS than the built-in RADIUS server for this type of deployment scenario.)

I will do some background investigation on the Syslog side of things.

Cheers,

Nick

Edward Marshall

We're actually using a couple of Aerohive APs as RADIUS servers and not MS NPS. This has always worked well in the past, but we're dependent on the other APs' syslog messages to our syslog server to capture the Username/IP mapping. Thanks for looking into it. I've opened a support case as well, so will post an update once I hear back.

Thanks again,

Edward

Nick Lowe, Official Rep

Hi Edward,

I am going to progress the Syslog issue with the product management team and potentially via a CFD. Stay tuned...

Regards,

Nick

Eric Geiger

Hi Nick,

Can you give us an update regarding this issue? Is a patch already available?

Thank you

Best Regards

Eric

Edward Marshall

Hi Eric,

We have an SR open with Aerohive and we are waiting for a fix for this. This was the latest update from a couple weeks ago:

"Based on our discussions with the product management team, it is currently looking like a solution for this is most likely to come mid to late Q2 2018 with HiveOS releases that are due after 8.3r2, and the companion HMNG release that is due around that time."

Not sure if Nick has any other info?

Kind regards,

Edward