Hi, we use Aerohive APs and from there I get syslogs at my Kiwi Syslog Server, like this one:
ah_auth: add new RT sta: MAC=xxxxxxxx, IP=10.100.100.20, hostname=xxxxx, username=xxxxxx on wifi0.7
And now I need this information in the PA, because there I only see the source IP address from the AP in the traffic monitor and no source user.
How can I configure the PA so that it can take the log information from the Kiwi Syslog Server? Or is there an easy way to get the Aerohive login/logout and device information to the firewall?
Aerohive and Palo Alto Networks have a cooperation... https://manualzz.com/doc/23623919/aerohive-and-palo-alto-networks
Easiest way would be to configure the User-ID agent as a syslog listener, and then build out a syslog filter to identify a login and logout event. I believe the Aerohive AP v1.0.0 Syslog Parse Profile actually looks like it would work for your login event.
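As an added example (not part of the reply above, and not Palo Alto Networks' or Aerohive's own code), this sketch shows what a login filter of the kind described has to pull out of the message quoted in the question: an event match, the address and the username. The three patterns and the sample lines are constructed assumptions for illustration and are not the contents of the predefined parse profile.

```python
import ipaddress
import re

# Constructed sample lines, modelled on the message quoted in the question.
SAMPLE_LINES = [
    "ah_auth: add new RT sta: MAC=aabbccddeeff, IP=10.100.100.20, "
    "hostname=laptop01, username=jdoe on wifi0.7",
    "ah_auth: add new RT sta: MAC=001122334455, IP=10.100.100.21, "
    "hostname=phone02, username=CORP\\asmith on wifi1.2",
    "ah_auth: add new RT sta: MAC=001122334466, IP=999.1.1.1, "
    "hostname=bad, username=eve on wifi0.1",
    "kernel: wifi0.7 link up",
]

# Hypothetical patterns (assumptions, not taken from any vendor profile).
EVENT_RE = re.compile(r"ah_auth: add new RT sta:")
ADDR_RE = re.compile(r"\bIP=(\d{1,3}(?:\.\d{1,3}){3}),")
# Anchored to the end of the message so the client-supplied hostname
# field can never be picked up as the username.
USER_RE = re.compile(r"username=(\S+) on \S+$")


def parse_login(line):
    """Return (ip, username) for a login event, or None for anything else."""
    if not EVENT_RE.search(line):
        return None
    addr = ADDR_RE.search(line)
    user = USER_RE.search(line)
    if not addr or not user:
        return None
    try:
        ip = ipaddress.ip_address(addr.group(1))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return str(ip), user.group(1)


def build_mappings(lines):
    """Build the IP-to-user table; a later login on the same IP wins."""
    mappings = {}
    for line in lines:
        parsed = parse_login(line.strip())
        if parsed:
            mappings[parsed[0]] = parsed[1]
    return mappings


if __name__ == "__main__":
    for ip, user in build_mappings(SAMPLE_LINES).items():
        print(f"{ip} -> {user}")
```

Running the patterns over a saved export from the Kiwi server before building the filter shows which lines would produce a mapping and which would be skipped.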