Auditing and logging - server


ArubaOS-Switch provides both locally stored event and security logs, as well as using the syslog protocol to forward events to a remote server for auditing purposes. Logged events can be filtered by severity level, originating system modules, or using regular expressions to match against message text.

The syslog client is capable of connecting to a server using UDP (default), TCP, or TLS protocols. TLS is the preferred protocol, as it provides an encrypted connection to the syslog receiver. This requires the switch to possess a signed TLS client certificate, and the receiver to possess a signed TLS server certificate. (Self-signed certificates cannot be used for connections to a syslog receiver.)


Refer to the user documentation for the desired syslog receiver to generate and install the required TLS server certificate.

Once the required certificates are installed, use the following commands to configure the switch to forward all events with a severity of warning or higher to a syslog server at using TLS:

switch(config)# logging tls
switch(config)# logging severity warning

See Also

Item Details


References: 800-53|AU-4(1)

Plugin: ArubaOS

Control ID: d2eaefcdbfecf1840bca714f4b9f914fe003b8560330c118928aebebc2059333