I've configured syslog servers, set them to info and then debug, but the only messages coming through seem to be the same as the output of a "sh log messages" from the cli of an AP which is basically showing nothing of much use.
apname#sh log messages
<181>1 2017-12-06T10:05:30.009996+00:00 aerohive -ah_cli_ui: [security-5--ah_cli_ui-#104004]Admin "<admin>" successfully logged in
<133>1 2017-12-06T07:22:26.298185+00:00 aerohive ah_top: [system-5-ah_top-#106001]System is initialized
This can't possibly be all that we should be logging? I'd expect to be seeing reams of information constantly hitting the syslog servers. What am I missing?
- 9 Posts
- 0 Reply Likes
- frustrated
Posted 5 months ago
Nick Lowe, Official Rep
- 2491 Posts
- 451 Reply Likes
There is a redesign of Syslog in progress that started with HiveOS 8.1r1. You should see far more Syslog data with HiveOS 8.2r1 when this becomes available.
Thanks,
Nick
- 9 Posts
- 0 Reply Likes
Nick Lowe, Official Rep
- 2491 Posts
- 451 Reply Likes
Can you send me an email at nlowe {at} aerohive.com so that I can reply to you with additional information?
Thanks,
Nick
- 7 Posts
- 0 Reply Likes
Hello,
Having the same issue now with 8.2.r1. Do you know if this was fixed? If I downgrade the APs to version 6.5r6 or 6.5.r8b, the INFO syslog messages are much detailed and include the IP Address and Username of users during the authentication process. We use this for user identification for our firewall so is crucial for us.
I have wireshark captures from both firmware versions if someone wants to have a look.
Kind regards,
Edward
Nick Lowe, Official Rep
- 2491 Posts
- 451 Reply Likes
For Palo-Alto integration with NPS, can I suggest you look at this method of integration which does not use Syslog:
https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://github.com/cesanetwan/uid-radius-script-ps/wiki
This will not work, however, where HiveOS is acting as the RADIUS server or a different third-party RADIUS server is used.
(It is often better to use NPS than the built-in RADIUS server for this type of deployment scenario.)
I will do some background investigation on the Syslog side of things.
Cheers,
Nick
- 7 Posts
- 0 Reply Likes
We're actually using a couple of Aerohive APs as RADIUS servers and not MS NPS. This has always worked well in the past but we're dependant on the other APs syslog messages to our syslog server to capture the Username/IP mapping. Thanks for looking into it, I've opened a support case as well so will post an update once I hear back.
Thanks again,
Edward
Nick Lowe, Official Rep
- 2491 Posts
- 451 Reply Likes
I am going to progress the Syslog issue with the product management team and potentially via a CFD. Stay tuned...
Regards,
Nick
- 1 Post
- 0 Reply Likes
can you give us an update regarding this issue ? is a patch already available ?
Thank you
Best Regards
Eric
- 7 Posts
- 0 Reply Likes
Hi Eric,
We have an SR open with Aerohive and we are waiting for a fix for this. This was the latest update from a couple weeks ago:
" Based on our discussions with the product management team, it is currently looking like a solution for this is most likely to come mid to late Q2 2018 with HiveOS releases that are due after 8.3r2, and the companion HMNG release that is due around that time. "
Not sure if Nick has any other info?
Kind regards,
Edward
Related Categories
-
Access Points, Switches and Routers
- 2123 Conversations
- 578 Followers