Link Search Menu Expand Document

Logging Template

Use this template to configure local and remote logging parameters. Each requires that you specify the minimum severity level of event to log.

WARNING: Appliance logging levels should only be set to “Notice” unless TAC asks you to set it differently. This applies to both the Minimum severity level field in the Log Configuration area of this template and the Minimum Severity field in the Remote Log Receivers area. Be aware that setting this level to “Debug” will generate logs for all modules that are turned on, which causes the packet processing engine to spend excessive time logging instead of forwarding packets.

  • Set up local logging in the Log Configuration and Log Facilities Configuration sections.

    • Click the Anonymize IPs check box to enable anonymizing IP addresses in log messages. If enabled, select an option from the Bit Masking drop-down menu to indicate how IP addresses have bit masking applied in log messages.

    • Click the Jsonify check box to convert log messages to JSON when exported.

  • Set up remote logging by using the Remote Log Receivers section.

For detailed information on logging, see Logging Tab

Minimum Severity Levels

In decreasing order of severity, the levels are as follows. See the WARNING note above.

Severity Level Description
EMERGENCY System is unusable.
ALERT Includes all alarms the appliance generates: CRITICAL, MAJOR, MINOR, and WARNING.
CRITICAL Critical event.
ERROR An error. This is a non-urgent failure.
WARNING A warning condition. Indicates an error will occur if action is not taken.
NOTICE A normal, but significant, condition. No immediate action required.
INFORMATIONAL Informational. Used by Silver Peak for debugging.
DEBUG Used by Support for debugging.
NONE If you select NONE, no events are logged.
  • If NOTICE is selected (the default setting), the log records any event with a severity level of NOTICE, WARNING, ERROR, CRITICAL, ALERT, and EMERGENCY.

  • These are purely related to event logging levels, not alarm severities, even though some naming conventions overlap. Events and alarms have different sources. Alarms, after they clear, list as the ALERT level in the Event Log.

  • In the Log Facilities Configuration section, assign each message/event type (System / Audit / Firewall / IDS/IPS) to a syslog facility level (local0 to local7).

Configure Remote Logging

You can configure the appliance to forward all events, at and above a specified severity, to a remote syslog server.

A syslog server is independently configured for the minimum severity level that it will accept. Without reconfiguring, it might not accept as low a severity level as you are forwarding to it.

To configure remote logging:

  1. Under Remote Log Receivers, click Add.

  2. For each remote syslog server that you add to receive the events, complete the following fields with the appropriate information.

    Field Description
    Remote Receiver Remote receiver’s IP address.
    Port Port number of the remote syslog server. Valid values range from 2 through 65535.
    Protocol Select the protocol you want to apply: UDP, TCP, or TCP SSL.
    Minimum Severity Select the minimum severity level of messages you want to log (see the WARNING message above): None, Emergency, Alert, Critical, Error, Warning, Notice, Info, or Debug.
    Facility Select all, local1, local2, local3, local4, local5, local6, or local7.
    Client Certificate If you selected TCP SSL protocol, do one of the following:

    Click Add to upload the certificate and key files. Then, complete the fields as explained below.

    Click View to view the client certificate.

    Click Don’t Apply if you do not want to apply the client certificate.
    Verify Click this cell to display a check box, and then select it to verify the server certificate.

Add a Client Certificate

NOTE: For version 9.4, the use of end entity certificates is not supported in templates.

To add a client certificate:

  1. In the Client Certificate column, click Add.

    The Add Remote Receiver SSL Certificate dialog box opens.

  2. Complete the following fields.

    Field Description
    PFX Certificate File To use a PFX certificate file, select this check box.
    Certificate File Click Choose File. Locate and select the certificate file, and then click Open.
    Private Key File Click Choose File. Locate and select the private key file, and then click Open. If you selected PFX Certificate File, this field is disabled.
    Import Password Enter the import password for the certificate.
    Passphrase Enter the passphrase for the certificate.
  3. Click Add.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.

Open Source Code:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America