This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forÂ
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ- Site Engine Management Center
- How capture(send to syslog) the client history usi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How capture(send to syslog) the client history using one of those WirelessC5210 , Netsight and OneView(we are using this in or enverioment)
How capture(send to syslog) the client history using one of those WirelessC5210 , Netsight and OneView(we are using this in or enverioment)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-07-2016 04:15 PM
How capture(send to syslog) the clients history of a network with 100 APs and 1 Controler, using one WirelessC5210 , Netsight and OneView(we are using these in our enveronment).
I am trying to have a history of the user and its IPs address in their time of use, currently in OneView -> wireless -> client, the events we have are limited for 1000 lines, how export this events for a syslog server. This can be from the C5210 -> reports -> active clients, too.
Thanks in Advance.
Regards,
Andre Paiva.
I am trying to have a history of the user and its IPs address in their time of use, currently in OneView -> wireless -> client, the events we have are limited for 1000 lines, how export this events for a syslog server. This can be from the C5210 -> reports -> active clients, too.
Thanks in Advance.
Regards,
Andre Paiva.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-08-2016 02:25 PM
You would be duplicating the traffic if NetSight is your syslog server and you have "Send station session events to NetSight" checked.
Doug Hyde
Director, Technical Support / Extreme Networks
Director, Technical Support / Extreme Networks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-08-2016 11:06 AM
Thank you everybody.
Another question, I am using the Netsight with Advanced license as the syslog Server, just to confirming that it is not getting doble/duplicated information, as the Netsigh is already as the admin of the controler, is necessary to add its Ipaddres as in the first screen shoot ? in Controller >> Logs Configuration or is just necessary to marked send station Event ?
The goal that the client really need is have the history of the end-stations on the net, the most close that I saw is in OneView -> Wireless -> Client Event ->(or it was end-station and some way expand the history)and filters one cliente to show its history on the network. But Because it only shows 2 hours of a event, in our case we really need a more long time.
They need it because when someone maybe do something illegal on the network, they need to know who was or the laws says that the fault is their(client).
Regards,
Andre.
Another question, I am using the Netsight with Advanced license as the syslog Server, just to confirming that it is not getting doble/duplicated information, as the Netsigh is already as the admin of the controler, is necessary to add its Ipaddres as in the first screen shoot ? in Controller >> Logs Configuration or is just necessary to marked send station Event ?
The goal that the client really need is have the history of the end-stations on the net, the most close that I saw is in OneView -> Wireless -> Client Event ->(or it was end-station and some way expand the history)and filters one cliente to show its history on the network. But Because it only shows 2 hours of a event, in our case we really need a more long time.
They need it because when someone maybe do something illegal on the network, they need to know who was or the laws says that the fault is their(client).
Regards,
Andre.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-07-2016 05:32 PM
If I unterstand the question correctly... you have a syslog server (not the Netsight one) to collect the information.
Then you should be able to send all events via syslog to Netsight and then create an alarm for a specific message (when a client connects/authenticate) with an action to send a syslog message from Netsight to your other syslog server.
I've tried it with the action email (have no other syslog in my lab) and get this email if my clients connects - in my case I use 802.1X for the SSID and I've used the syslog message "Radius Client Radius Response: Accepted" to trigger the alarm.
-----Ursprüngliche Nachricht-----
Von: xxx [mailto: XXX]
Gesendet: Thursday, April 07, 2016 9:14 PM
An: Dvorak, Ronald
Betreff: NetSight Info Alarm: TestClientConnect
Device:
Severity: Clear
Message: events: Radius Client Radius Response: Accepted: UserID:dvorakr_iphone, Client MAC:[9C:FC:01:1C:01:D6] 3
-Ron
Then you should be able to send all events via syslog to Netsight and then create an alarm for a specific message (when a client connects/authenticate) with an action to send a syslog message from Netsight to your other syslog server.
I've tried it with the action email (have no other syslog in my lab) and get this email if my clients connects - in my case I use 802.1X for the SSID and I've used the syslog message "Radius Client Radius Response: Accepted" to trigger the alarm.
-----Ursprüngliche Nachricht-----
Von: xxx [mailto: XXX]
Gesendet: Thursday, April 07, 2016 9:14 PM
An: Dvorak, Ronald
Betreff: NetSight Info Alarm: TestClientConnect
Device:
Severity: Clear
Message: events: Radius Client Radius Response: Accepted: UserID:dvorakr_iphone, Client MAC:[9C:FC:01:1C:01:D6] 3
-Ron
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-07-2016 05:30 PM
Andre,
You cannot completely filter out all of the client events, but if you uncheck "service" and "audit" messages, you can reduce the amount of logging you will receive.
In case you are not aware of OneView reporting, I wanted to mention that also. You can collect historical client data in reports, if that would help you.
This is one example - https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-a-report-that-shows-how-many...
I also have created an article for this subject - https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-ExtremeWireless-client-events-be-sent-to-...
Regards,
Jason
You cannot completely filter out all of the client events, but if you uncheck "service" and "audit" messages, you can reduce the amount of logging you will receive.
In case you are not aware of OneView reporting, I wanted to mention that also. You can collect historical client data in reports, if that would help you.
This is one example - https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-a-report-that-shows-how-many...
I also have created an article for this subject - https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-ExtremeWireless-client-events-be-sent-to-...
Regards,
Jason
