Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
get logs from aruba switch Aruba 2930F-24G-PoE±4SFP Switch (JL261A)
2. Describe your environment:
- OS Information:
centos 7 - Package Version:
Hostname:
Graylog
Node ID:
255ad1c2-6480-40be-9199-f26939f66989
Version:
4.3.15+17ed3ac, codename Noir
JVM:
PID 115349, Red Hat, Inc. 1.8.0_412 on Linux 3.10.0-1160.118.1.el7.x86_64 - Service logs, configurations, and environment variables:
Logs
raylog java: 2024-06-02 15:59:15,761 WARN : org.graylog.shaded.elasticsearch7.org.elasticsearch.client.RestClient - request [GET http://10.10.2.39:9200/_alias/graylog_deflector?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=true] returned 2 warnings: [299 Elasticsearch-7.17.21-d38e4b028f4a9784bb74de339ac1b877e2dbea6f “Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See Set up minimal security for Elasticsearch | Elasticsearch Guide [7.17] | Elastic to enable security.”],[299 Elasticsearch-7.17.21-d38e4b028f4a9784bb74de339ac1b877e2dbea6f “[ignore_throttled] parameter is deprecated because frozen indices have been deprecated. Consider cold or frozen tiers in place of frozen indices.”]
configuration for input - allow_override_date:
true
- bind_address:
0.0.0.0
- expand_structured_data:
false
- force_rdns:
false
- max_message_size:
2097152
- number_worker_threads:
8
- override_source:
- port:
1470
- recv_buffer_size:
1048576
- store_full_message:
false
- tcp_keepalive:
false
- tls_cert_file:
- tls_client_auth:
disabled
- tls_client_auth_cert_file:
- tls_enable:
false
- tls_key_file:
- tls_key_password:
- use_null_delimiter:
false
Switch configuration
; JL261A Configuration Editor; Created on release #WC.16.11.0006
; Ver #14:67.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:44
hostname “Edge-4-1”
module 1 type jl261a
fault-finder broadcast-storm sensitivity high
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
fault-finder link-flap sensitivity high
trunk 1 trk1 trunk
trunk 2 trk2 trunk
trunk 3 trk3 trunk
logging 10.10.2.39
logging facility syslog
logging severity major
logging notify running-config-change
3. What steps have you already taken to try and solve the problem?
i add udp ports to rsyslog.conf as shown
. @@0.0.0.0:1470
. @@10.10.2.39:5140
4. How can the community help?
send mail or post the on my post
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]