Dynamic Logs

The Dynamic Logs feature enables Aruba Central to dynamically collect CLI logs, gateway crash logs, and dynamic packet capture (PCAP) for wireless clients connected to IAPs.

The Dynamic Logs workflow is as follows:

  • In an network managed by Aruba Central, events generated from APs or gateways trigger logs.
  • When such an event is generated, Dynamic Logs automatically initiates the troubleshooting services associated with the specific type of event. The troubleshooting service has a defined troubleshooting recipe for each type of event.
  • In case of gateway device crash, an event is created and is listed in the Events table under Alerts & Events page. Crash events are exported from the device and are integrated with the Central Tool Box (CTB) to gather the latest crash dump associated with the specific event. The crash event triggers an automated workflow to gather crash files from central managed devices using the CTB tool. You can collect the gateway crash logs from the Dynamic Logs column in the Events table.

    Gateway crash logs is supported from gateway version 8.6.0.4-2.2.0.0 and above.

  • The Aruba Support team downloads and analyzes the debugging logs. Upon analyzing, it registers a TAC Technical Assistance Center. Case and notifies the corrective actions to the user.

Configuring Dynamic Logs

To configure the Dynamic Logs, complete the following procedure:

  1. In the Aruba Central app, set the filter to Global.
    The dashboard context for the filter is displayed.

  2. Under Analyze, click Alerts & Events.
    The Alerts & Events pane is displayed in the List view.
  3. In the Alerts & Events page, click the Config icon.
     By default, the Alert Severities & Notifications page is displayed.
  4. Click the Dynamic Logs tab.
    The Dynamic Logs page is displayed.
  5. Enable the Dynamic logs collection toggle button in order collect logs when applicable events occur.
  6. Optionally, select the Notify Aruba Support check box, if you want to notify the Aruba Support team.
  7. Click Save.

Device Licensing for Dynamic Logs

Dynamic Logs is supported for both APs and Gateways. For a device with a Foundation license, Dynamic Logs only collects the logs and does not notify Aruba support, even if the option is enabled. The Aruba support notification option is only supported for an AP or gateway with an Advanced license. For more information about the Dynamic Logs feature in the Aruba Central licensing model, see Aruba Central Licensing Guide.

Viewing the Dynamic Logs Notifications

To view the Dynamic Logs notifications, complete the following procedure:

  1. In the Aruba Central app, click the notification icon.
    The Notifications window is displayed.
  2. Click the Dynamic Logs tab.
    A list of Dynamic Logs events are displayed.
  3. Click View all.
    The Alerts & Events pane is displayed in the List view.
  4. In the Alerts & Events page, click the Config icon.
     By default, the Alert Severities & Notifications page is displayed.
  5. Click the Dynamic Logs tab.
    The Dynamic Logs page is displayed.

Filtering Events at an Advanced Level

To filter Dynamic Logs events based on event types, complete the following procedure:

  1. On the Alerts & Events > Events page, click Click here for advanced filtering to filter the dynamic logs based on event types.
  2. Select the event type and click Filter.

    You can select multiple event types from the advanced filtering option.

  3. Click Clear All to clear the selected event types from the advanced filtering option.

The following table describes the information displayed in each column of the Events table:

Table 1: Events Pane

 

Data Pane Content

Description

Occurred On

Displays the timestamp of the event. Use the sort option to sort the events by date and time. Use the filter option to select a specific time range to display the events.

Device Type

Displays the type of the device, Access Point, Client, Gateway, Switch. Use the filter option to filter events by device type.

Device Hostname

Displays the host name of the device where the event is generated. Use the filter option to filter events by device hostname.

Device MAC

Displays the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the device. Use the filter option to filter events by device MAC address.

Client MAC

Displays the MAC address of the device to which the client is connected. Use the filter option to filter events by client MAC address.

BSSID

Displays the BSSID Basic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. of the device. Use the filter option to filter events by device BSSID.

Event Type

Displays the type of the event.

Label

Labels associated with the device.

Site

The site to which the device belongs.

Group

The group to which the device belongs.

Description

Displays the description of the event.

Collected Data

Displays the collected data for a specific event to perform any troubleshooting diagnosis. Use the filter to select the data type, PCAP or Crash Logs.

Aruba Support

Provides the following information:

The icon indicates that the notification has been sent to the Aruba Support team.

Click the icon to view the TAC Notes. The TAC Notes includes the analysis of the debugging logs and the corrective actions for the TAC Case, registered by the Aruba Support team.

To customize the Events table, click the icon to select the required columns, or click Reset to default to set the table to the default columns. To autofit the columns, click the icon and select Autofit columns.

Click the icon to download the dynamic log events list in a CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. format.

CLI Logs Support

For the CLI logs, based on the event type, the recipe executes the pre-defined CLI commands on the devices, collects all the debugging logs, and uploads it to a secure location. The CLI log feature is supported for IAPs only.

The following table describes the list of events supported for CLI logs:

Table 2: CLI Logs Events List

Event Name

Description

Client 802.1x Radius Reject

This event is received when a client performs 802.11 802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. authentication and the request to the radius server is rejected.

Client 802.1x Radius Timeout

This event is received when a client performs 802.11 authentication and the request to the radius server times out.

Client Captive Portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. Authentication Failure

This event is received when a captive portal authentication fails for a client.

The CLI icon is visible against each event under the Collected Data column, which has a dynamic log file. Hover over the CLI icon to view the event type and the list of CLI commands associated with the specific event. Click the CLI drop-down list to download or email the file for offline analysis.

  • The content of the e-mail includes the metadata associated with the event, the list of CLI commands, the link to view the troubleshooting command output, and the link for the Aruba Support team to access the troubleshooting data.

  • The Aruba Support notification option is not supported for CLI logs.

The CLI log collection is limited to each interval based on each event level and cluster level.

Table 3: CLI log Rate-Limiting

 

5 Minutes Interval

Rate limiting Parameter

Client 802.1x Radius Reject

Client 802.1x Radius Timeout

Client Captive Portal Authentication Failure

Radius Server

1

1

-

AP

-

-

1

Aruba CentralCluster

50

50

10

Dynamic Packet Capture Support

Dynamic Logs support dynamic packet capture (PCAP) for wireless clients connected to IAPs. When there is any failure between the client and IAP, an event occurs and the device flushes a set of packet captures associated with the connected client MAC address. The PCAP is a system generated file and is carried along with the event.

The PCAP icon is visible against each event under the Dynamic Logs column that has a packet capture file. Click the PCAP drop-down list to download or email the file for offline analysis. You can view the PCAP file in Wireshark.

The dynamic PCAP file is available for a duration of 1 week. After 1 week, the file is automatically deleted.

Following are the seven client connectivity based failure events that support dynamic PCAP:

  • For dynamic packet capture events related to IAPs, the recommended firmware version is Aruba Instant 8.7.0.0_75915 or later and it is supported on IAP models, 5xx and above.
  • The Aruba support notification option is not supported for dynamic packet capture.