Receive syslog from aruba switch

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
get logs from aruba switch Aruba 2930F-24G-PoE±4SFP Switch (JL261A)

2. Describe your environment:

  • OS Information:
    centos 7
  • Package Version:
    Hostname:
    Graylog
    Node ID:
    255ad1c2-6480-40be-9199-f26939f66989
    Version:
    4.3.15+17ed3ac, codename Noir
    JVM:
    PID 115349, Red Hat, Inc. 1.8.0_412 on Linux 3.10.0-1160.118.1.el7.x86_64
  • Service logs, configurations, and environment variables:
    Logs
    raylog java: 2024-06-02 15:59:15,761 WARN : org.graylog.shaded.elasticsearch7.org.elasticsearch.client.RestClient - request [GET http://10.10.2.39:9200/_alias/graylog_deflector?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=true] returned 2 warnings: [299 Elasticsearch-7.17.21-d38e4b028f4a9784bb74de339ac1b877e2dbea6f “Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See Set up minimal security for Elasticsearch | Elasticsearch Guide [7.17] | Elastic to enable security.”],[299 Elasticsearch-7.17.21-d38e4b028f4a9784bb74de339ac1b877e2dbea6f “[ignore_throttled] parameter is deprecated because frozen indices have been deprecated. Consider cold or frozen tiers in place of frozen indices.”]
    configuration for input
  • allow_override_date:

true

  • bind_address:

0.0.0.0

  • expand_structured_data:

false

  • force_rdns:

false

  • max_message_size:

2097152

  • number_worker_threads:

8

  • override_source:

  • port:

1470

  • recv_buffer_size:

1048576

  • store_full_message:

false

  • tcp_keepalive:

false

  • tls_cert_file:

  • tls_client_auth:

disabled

  • tls_client_auth_cert_file:

  • tls_enable:

false

  • tls_key_file:

  • tls_key_password:

  • use_null_delimiter:

false
Switch configuration
; JL261A Configuration Editor; Created on release #WC.16.11.0006
; Ver #14:67.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:44
hostname “Edge-4-1”
module 1 type jl261a
fault-finder broadcast-storm sensitivity high
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
fault-finder link-flap sensitivity high
trunk 1 trk1 trunk
trunk 2 trk2 trunk
trunk 3 trk3 trunk
logging 10.10.2.39
logging facility syslog
logging severity major
logging notify running-config-change

3. What steps have you already taken to try and solve the problem?
i add udp ports to rsyslog.conf as shown
. @@0.0.0.0:1470
. @@10.10.2.39:5140

4. How can the community help?
send mail or post the on my post

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.