We're running a small trial of AP550's, AP250's and a single AP150. We're running on current NG 11.28 and a mix of Hive OS 8.1r1, 8.1r2 and 8.1r2a.
I've configured syslog servers, set them to info and then debug, but the only messages coming through seem to be the same as the output of a "sh log messages" from the cli of an AP which is basically showing nothing of much use.
apname#sh log messages
<181>1 2017-12-06T10:05:30.009996+00:00 aerohive -ah_cli_ui: [security-5--ah_cli_ui-#104004]Admin "<admin>" successfully logged in
<133>1 2017-12-06T07:22:26.298185+00:00 aerohive ah_top: [system-5-ah_top-#106001]System is initialized
This can't possibly be all that we should be logging? I'd expect to be seeing reams of information constantly hitting the syslog servers. What am I missing?
I've configured syslog servers, set them to info and then debug, but the only messages coming through seem to be the same as the output of a "sh log messages" from the cli of an AP which is basically showing nothing of much use.
apname#sh log messages
<181>1 2017-12-06T10:05:30.009996+00:00 aerohive -ah_cli_ui: [security-5--ah_cli_ui-#104004]Admin "<admin>" successfully logged in
<133>1 2017-12-06T07:22:26.298185+00:00 aerohive ah_top: [system-5-ah_top-#106001]System is initialized
This can't possibly be all that we should be logging? I'd expect to be seeing reams of information constantly hitting the syslog servers. What am I missing?
Posted 6 months ago
Nick Lowe, Official Rep
Nick Lowe, Official Rep
Hello,
Having the same issue now with 8.2.r1. Do you know if this was fixed? If I downgrade the APs to version 6.5r6 or 6.5.r8b, the INFO syslog messages are much detailed and include the IP Address and Username of users during the authentication process. We use this for user identification for our firewall so is crucial for us.
I have wireshark captures from both firmware versions if someone wants to have a look.
Kind regards,
Edward
Nick Lowe, Official Rep
Hi Edward.
For Palo-Alto integration with NPS, can I suggest you look at this method of integration which does not use Syslog:
https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://github.com/cesanetwan/uid-radius-script-ps/wiki
This will not work, however, where HiveOS is acting as the RADIUS server or a different third-party RADIUS server is used.
(It is often better to use NPS than the built-in RADIUS server for this type of deployment scenario.)
I will do some background investigation on the Syslog side of things.
Cheers,
Nick
For Palo-Alto integration with NPS, can I suggest you look at this method of integration which does not use Syslog:
https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://github.com/cesanetwan/uid-radius-script-ps/wiki
This will not work, however, where HiveOS is acting as the RADIUS server or a different third-party RADIUS server is used.
(It is often better to use NPS than the built-in RADIUS server for this type of deployment scenario.)
I will do some background investigation on the Syslog side of things.
Cheers,
Nick
(Edited)
We're actually using a couple of Aerohive APs as RADIUS servers and not MS NPS. This has always worked well in the past but we're dependant on the other APs syslog messages to our syslog server to capture the Username/IP mapping. Thanks for looking into it, I've opened a support case as well so will post an update once I hear back.
Thanks again,
Edward
Nick Lowe, Official Rep
Hi Edward,
I am going to progress the Syslog issue with the product management team and potentially via a CFD. Stay tuned...
Regards,
Nick
I am going to progress the Syslog issue with the product management team and potentially via a CFD. Stay tuned...
Regards,
Nick
(Edited)
Hi Nick,
can you give us an update regarding this issue ? is a patch already available ?
Thank you
Best Regards
Eric
can you give us an update regarding this issue ? is a patch already available ?
Thank you
Best Regards
Eric
Hi Eric,
We have an SR open with Aerohive and we are waiting for a fix for this. This was the latest update from a couple weeks ago:
" Based on our discussions with the product management team, it is currently looking like a solution for this is most likely to come mid to late Q2 2018 with HiveOS releases that are due after 8.3r2, and the companion HMNG release that is due around that time. "
Not sure if Nick has any other info?
Kind regards,
Edward
