08-18-2015 02:29 PM - edited 08-18-2015 02:49 PM
Help with ProCurve 3500 SysLog Configuration
Hello,
I am running a graylog server to collect syslogs from multiple servers and am now playing with the idea of adding our ProCurve switches to the mix.
Here is what I have done so far:
logging facility syslog
logging x.x.x.x
logging severity debug (which I assumed would include this level and above. ??)
debug destination logging
debug all (sans ip, ipv6, lldp to eliminate too much data as I am new to this and alone in this endeavor so I can only handle so much)
The graylog server is receiving syslog messages from the switch but it really isn't giving me much to work with. Examples:
auth: User 'X' logout
mgr: Startup configuration changed by CLI. New seq. number 77
What would be nice is to see such things as entered commands, e.g., wr mem, static route changes, etc.
I am working with a ProCurve 3500yl, software version K.15.13.0005
Any suggestions would be appreciated.
08-21-2015 01:19 PM
Re: Help with ProCurve 3500 SysLog Configuration
Logging of config changes can be done via the Radius Accounting subsystem:
(config)# aaa accounting commands stop-only syslog
Sorta buried, I'll admit...
Syslog server output:
Aug 21 11:09:52 128.44.120.1 acct: Acct-Session-ID='0x086800000007',Acct-Status-Type='Stop',NAS-Identifier='mike',User-Name='mpatmon',Acct-Authentic='RADIUS',Calling-Station-Id='128.44.120.100',HP-Command-String='ip route 1.1.1.1/32 10.1.1.1'
Aug 21 11:10:06 128.44.120.1 03125 mgr: Startup configuration changed by CLI. New seq. number 848
Aug 21 11:10:06 128.44.120.1 acct: Acct-Session-ID='0x086800000008',Acct-Status-Type='Stop',NAS-Identifier='mike',User-Name='mpatmon',Acct-Authentic='RADIUS',Calling-Station-Id='128.44.120.100',HP-Command-String='write memory'
I would not enable the other debug types you mentioned unless you are debugging a problem. Some of the debug output is extremely frequent and verbose and can induce a significant burden on system resources. "Debug event" plus the command logging is all you really need for what you stated.
You can also see the Access Security Guide for more info. Hope that helps.
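An added example, not part of the reply above: one way to parse the `acct:` records shown in the syslog output on the collector side and pull out who ran which command from where. The `WATCH` prefixes and the fourth sample line are constructed, and the parser assumes `HP-Command-String` is the last attribute, as it is in the quoted output.

```python
import re

# Lines 1-3 are the syslog output quoted in the reply. Line 4 is constructed
# to exercise a command string that itself contains quotes and a comma.
_ATTRS = ("Acct-Session-ID='{}',Acct-Status-Type='Stop',NAS-Identifier='mike',"
          "User-Name='mpatmon',Acct-Authentic='RADIUS',"
          "Calling-Station-Id='128.44.120.100',HP-Command-String='{}'")
SAMPLE = [
    "Aug 21 11:09:52 128.44.120.1 acct: "
    + _ATTRS.format("0x086800000007", "ip route 1.1.1.1/32 10.1.1.1"),
    "Aug 21 11:10:06 128.44.120.1 03125 mgr: Startup configuration changed by CLI. New seq. number 848",
    "Aug 21 11:10:06 128.44.120.1 acct: "
    + _ATTRS.format("0x086800000008", "write memory"),
    "Aug 21 11:12:30 128.44.120.1 acct: "
    + _ATTRS.format("0x086800000009", "snmp-server contact 'ops', floor 2"),
]

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]+)\s(\S+)\sacct:\s(.*)$")
PAIR = re.compile(r"([A-Za-z-]+)='([^']*)'")
CMD_KEY = ",HP-Command-String='"
# Assumed watchlist of command prefixes worth alerting on; adjust to taste.
WATCH = ("write memory", "ip route", "no ip route", "snmp-server")

def parse_acct(line):
    """Return a dict for an accounting record, or None for any other line."""
    m = LINE.match(line)
    if not m:
        return None
    ts, switch, body = m.groups()
    # The command is typed by the user, so it may contain quotes and commas.
    # Split at the first command key and keep everything up to the final
    # quote, instead of trusting key='value' splitting inside it.
    head, sep, cmd = body.partition(CMD_KEY)
    if not sep or not cmd.endswith("'"):
        return None
    rec = dict(PAIR.findall(head))
    rec.update(timestamp=ts, switch=switch, command=cmd[:-1])
    return rec

def config_changes(lines):
    """List (time, user, source address, command) for watched commands."""
    hits = []
    for line in lines:
        rec = parse_acct(line)
        if rec and rec["command"].lower().startswith(WATCH):
            hits.append((rec["timestamp"], rec.get("User-Name"),
                         rec.get("Calling-Station-Id"), rec["command"]))
    return hits
```
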