Controllerless Networks

 View Only

  • 1.  Question on Changing Syslog Levels

    Posted Jun 20, 2020 06:54 AM

    Hello,

    I just started working with these access points last week, so I'm afraid I have some very basic questions. What we seem to have is three Model 305 access points running 8.3.0.6 managed by a virtual controller. The networks are up and running but I'd like to get more monitoring going. We have an external syslog server, and events are being sent to it. Initially all of the syslog facility levels were set to Warning, but among other things I would like to get event notices when stations both succeed and fail to properly authenticate. From some documents online it seems that these events appear in the security logs at an Information or Notice levels.

    In order to get that data, I changed the facility level for Security logs from Warning to Information, but no additional logs appear to be sent. Even if I change it to Debug, I still get no additional logs.

    So I wonder... do I have to do something special to apply changes? Some vendors require a reboot before changes become active, but there's no indication that it's necessary with these access points, so it's a bit of a mystery. I'm hoping there's just some simple thing that I'm not doing, so any hints would be very welcome.

    Thanks!



  • 2.  RE: Question on Changing Syslog Levels

    Posted Jun 23, 2020 10:03 AM

    Have you tried setting this: 

    (host) (config) #logging level debugging security process authmgr

     

     



  • 3.  RE: Question on Changing Syslog Levels

    Posted Jun 23, 2020 10:12 PM

    Thanks for your note. Unfortunately, much as I would love to have it, I've not been given SSH access to the access points. For reasons unclear I have to do everything via the GUI, so is there an equivalent way to get the job done via that interface?

     

    Thanks!



  • 4.  RE: Question on Changing Syslog Levels

    Posted Jun 29, 2020 05:54 AM

    Alternatively I just wondered if there is a way to open a CLI window from within the GUI? That would be great, given that there seem to be things do-able in the CLI that aren't available in the GUI. If not I'll work on getting SSH access, though a CLI window would be a nice addition. Thanks!



  • 5.  RE: Question on Changing Syslog Levels

    Posted Jul 01, 2020 11:10 PM

    After getting SSH access I find that there is no 'logging' command available. If I go into the 'configure' mode the closest thing I see is

    syslog-level debug security

    with no trailing arguments allowed. After going back into the initial mode, a 'commit apply' seems to apply this change (it shows up in the GUI), but I'll need to watch it for a while to see if there are any changes in the logged data.



  • 6.  RE: Question on Changing Syslog Levels

    Posted Jul 02, 2020 03:18 AM

    After watching the logs for a while I don't see any messages that we weren't getting before. It's quite strange. Both the GUI and the CLI show the security log level as 'Debug' but I don't seem to be getting any syslog messages below the 'Warning' level. There is no severity-based filter on the syslog server itself (Logstash).



Related Content