Wireless Access

Hello All,

in my infrastructure I have Aruba 305APs with Aruba 7005 Controlers managed by Mobility Conductor, my goal is to send "healthcheck" logs from those APs to Splunk, I have succeded with controlers:
logging security process authmgr level informational
yet, it seems that access points are sending the logs only when KERNEL action occurs which causes some gaps in report as some of the APs did not send any logs to splunk, so those are not indexed. Basically purpose of this action is to send logs that will cause proper indexation on splunk.
My idea for that was to set up System -> Logging -> Logging Levels: Category: system, Subcategory: ap, Logging level informational. Yet I would like to ask if that is proper way or should I set it up differently to get the result.

are the syslog messages you are after listed in the syslog reference guide? 

Hello All,

in my infrastructure I have Aruba 305APs with Aruba 7005 Controlers managed by Mobility Conductor, my goal is to send "healthcheck" logs from those APs to Splunk, I have succeded with controlers:
logging security process authmgr level informational
yet, it seems that access points are sending the logs only when KERNEL action occurs which causes some gaps in report as some of the APs did not send any logs to splunk, so those are not indexed. Basically purpose of this action is to send logs that will cause proper indexation on splunk.
My idea for that was to set up System -> Logging -> Logging Levels: Category: system, Subcategory: ap, Logging level informational. Yet I would like to ask if that is proper way or should I set it up differently to get the result.

Hi,
not sure to what guide exacly should I compare the log I get on controler, would you be kind to link it? Basicaly I have turned on logging as mentioned above, and some logs in fact appeared on the controler from the Access Points:
Mar 12 20:56:11 2025  sapd[2684]: <326091> <NOTI> |AP WP003@10.0.0.242 sapd| |ap| AM: Radio Stats: APs=2 STAs=0 Mon-APs=27 Mon-STAs=6
Mar 12 20:56:20 2025  sapd[2684]: <326098> <INFO> |AP WP003@10.0.0.242 sapd| |ap| AM: PAPI_Send failed. from 10.0.0.242 to 127.0.0.1 port 8999 PAPI msgtype 0 PAPI msglength 0 AM msgtype 0 AM msglength 0 err 110 arg 0

Yet as I was checking, the splunk forwarder server set up in System - Logging - Syslog Servers did not received any of those mentioned logs. What bothers me here, is the fact, that logs from the controler itself, are delivered properly and occurs on Splunk forwarder, yet those logs from access points, visible on controler, are no appearing on splunk forwarder server at all. So I have started to wonder, if the case is in access points configuration somewhere (AP Groups settings?) or there is any missconfiguration on controler.

are the syslog messages you are after listed in the syslog reference guide? 

Hello All,

in my infrastructure I have Aruba 305APs with Aruba 7005 Controlers managed by Mobility Conductor, my goal is to send "healthcheck" logs from those APs to Splunk, I have succeded with controlers:
logging security process authmgr level informational
yet, it seems that access points are sending the logs only when KERNEL action occurs which causes some gaps in report as some of the APs did not send any logs to splunk, so those are not indexed. Basically purpose of this action is to send logs that will cause proper indexation on splunk.
My idea for that was to set up System -> Logging -> Logging Levels: Category: system, Subcategory: ap, Logging level informational. Yet I would like to ask if that is proper way or should I set it up differently to get the result.