Skip to main content

Thu, Sep 19, 2013 4:52 PM

How can I send only only the "Most Recent User Activities" to a remote syslog server?

Can I send only the "Most Recent User Activities" to a remote syslog? I don't want to collect all the radius_client, radius_server, cluster... information. Syslog server is solarwinds. I am running two ZD3000 Active/Stanby configuration.

I need the user information as part of my security logging.

Responses

337 Messages

 • 

5.5K Points

7 years ago

You can send all messages to a syslog server and then filter for the ones you need. However looking at my last 10,000 (default) entries there are no "most recent user activities" entries.
Would expect they appear under "info" or "warning" headings but those seem to have few entries. It seems almost everything comes under the "error" and "debug" heading.
Then need to find the exact wording ruckus use for messages that relate to "most recent user activities" and text filter on that.

I'm using syslog watcher personal. In general the log entries tend to be pretty cryptic so don't expect plain english!

In very pragmatic terms if you log everything then you at least have the data to fulfill your security requirement even though you are collecting more than needed. Hmm.

5 Messages

 • 

110 Points

6 years ago

hello,
i just installed syslog watcher personal, whats next step?

Champion

 • 

202 Messages

 • 

3K Points

6 years ago

point your zonedirector at your syslog server.