It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Accepted Syslog Formats From Wireless APs

  • Last updated on

This article includes examples from specific wireless AP devices Barracuda Networks has tested from which the Barracuda Web Security Gateway can accept syslog data. Since the manufacturers of these devices may change the format from time to time, Barracuda Networks recommends consulting with your device manufacturer to verify the current syslog output format.

The only fields required in syslog output from wireless AP devices by the Barracuda Web Security Gateway are shown in bold face. These fields identify the wireless AP device and the user for the syslog on the Barracuda Web Security Gateway.

Example syslog format for Meru

ALARM: 1388445713l | system | info | ALR | Station Info Update : MAC-Address : 74:e5:0b:b9:63:46, User-Name: dnoble, AP-Id: 1, AP-Name: Meru-AP, BSSID: 00:0c:e6:02:86:ae, ESSID: Meru, IP-Type: discovered, IP-Address: 184.15.21.123, L2-Mode: 802.1x, L3-Mode: clear, Vlan-Name: None, Vlan-Tag: 0

Example syslog formats for Ruckus

   Format 1, for Ruckus:

Mar 3 18:32:13 stamgr: stamgr_send_log_v4():operation=add;seq=3;sta_ip=10.1.0.123;sta_mac=d8:30:62:8b:71:e0;zd/ap=24:c9:a1:24:ae:c8/54:3d:37:29:c2:a0;sta_ostype=iOS;sta_name=adnoble;stamgr_handle_remote_ipc

   Format 2, for Ruckus Cloudpath:

ts=20171013 164450.444, lvl=FINE, action=RAD ACCOUNTING, radAcctType=Start, accountPk=1, radClientIp=10.100.38.10, radSessionId=59E0ED6B-37113000, radUsername=bstrohm, radClientMac=28:B2:BD:FB:27:FA, src=service.RadiusConnectionService


Example syslog format for Aerohive

INFO AUTH 12/9/2014 11:39:43 AM 10.1.0.184 10.1.0.184 ah_auth: Station 74e5:0bb9:6346 ip 10.1.31.123 username dnoble hostname BenZ570 OS n/a

Example syslog formats for Aruba

    Format 1:  

Oct 2 13:02:34 authmgr[3785]: <522008> <NOTI> |authmgr| User Authentication Successful: username=dnoble MAC=c4:62:ea:c1:e7:3f IP=10.213.50.$i role=ADMON_USER VLAN=15 AP=THE.GYM.1 SSID=CNG_WIRELESS AAA profile=CNG_WIRELESS-aaa_prof auth method=802.1x auth server=RADIUSCNG2"

    Format 2:

Jul 25 13:25:25 stm[1454]: <501199> |AP ap-3175w-2f-web@10.7.7.42 stm| User authenticated, mac-18:af:61:5f:0d:27, username-rmathews, IP-10.6.124.216, method-4, role-affinity

Example syslog format for Clearpass  

08-18-2014 10:42:43 Local1.Debug 192.168.100.27 2014-08-18 10:42:42,650 192.168.100.27 For Cuda Grab 78 1 0 Common.Username=dnoble,Common.Service=Ancillae_802.1x_Wireless,Common.Roles=Ancillae_FAC_STAFF_STU, [User Authenticated],Common.Host-MAC-Address=e4ce8f1d29de,RADIUS.Acct-Framed-IP-Address=10.50.45.103,Common.NAS-IP-Address=192.168.100.27,Common.Request-Timestamp=2014

Example syslog format for Cisco

Wed Jun 22 07:00:00 COT 2016,""Wed Jun 22 07:00:00 COT 2016"",""0s"",""ICETEXV2\\apond"",""74:46:A0:A4:7A:E7"","""",""10.1.235.2"",""dot1x"",""PEAP (EAP-MSCHAPv2)"",""ICTX_WIRED >> ICTX-802.1X-WIRED >> Default"",""ICTX_WIRED >> ICTX-WIRED-USER"",""ICTX-PERMIT-ALL"","""","""","""",""Started"","""",""ictxsrvise1"",""0A01041B000064AB70CDEAC8"",""000017A3"",""10.1.4.27"",""GigabitEthernet1/0/30"",""N"",""0"",""0"",""0"",""0"","""",""RADIUS"",""icetex.local"","""",""ICETEXV2"","""",

Example syslog format for CISCO Aironet

wlc1_vabeach-exec_cflag: haSSOServiceTask2: May 17 13:21:41.809: %APF-3-AUTHENTICATION_TRAP:  [SS] apf_80211.c:19558 Client Authenticated: MACAddress:9D:74:13:8A:7A:32 Base Radio MAC:9C:74:13:8A:7A:32 Slot:1 { }User Name:test_user{} *Ip Address:10.36.1.55  SSID:CFEmployee

Example syslog format for CISCO Meraki

<15>Washworld_Network_wireless events type=association  radio='1' vap='0' client_mac='B2:F5:0D:23:E9:01' last_known_client_ip='10.31.132.141'  band='5' channel='44' rssi='43' identity='qauser1'  aid='1234985199'