Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Viewing Device Events
Admins can use the System > Syslog & Traps page to review all syslog messages and SNMP traps that AirWave receives from the trigger type Device Event. For more information about triggers, see Viewing Triggers.
Starting with AirWave 8.2.6, you can set critical thresholds to alert when there are hardware failures on the HPE Aruba Networking 8400 and 8320 switches. By default, AirWave enables the trigger when you upgrade to or install AirWave 8.2.6.
Figure 1 shows an example of events for the HPE Aruba Networking 8400 Switch.
Figure 1 Viewing Device Events
Here are some of the details about the device events you can view from the Syslog & Traps page:
- Time. The time the device event occurred.
- Type. The type can be syslog or SNMP trap.
- Source Device. The name of the device that sent the message. This field provides a link to the device monitoring page if you have visibility to the device, or it can be empty if AirWave can't correlate the source IP address.
- AP/Device. This field provides a link to the device monitoring page for a device other than the source device if it correlates data contained in the message (by LAN MAC, BSSID, or IP Address) and you have visibility to the device.
- Client. The user’s MAC address, if found in the message. This field provides a link to the client page if you have visibility to the user’s AP, or it can be empty.
- Severity. The event severity can be emergency, alert, critical, bug, error, warning, notice, or info.
- Facility. The facility is obtained from part of the syslog spec, which is the logical source of the message. From controllers, the facility will always be one of local0 to local7. You can configure on the controller which facility you want to use in the messages when sending syslog messages to a receiver.
- Category. For SNMP traps, the category can be hardware, IDS, client security, AP security, AP status, software, or rogue detection. For Syslog messages, a category is based on the process name on the controller that sent the syslog message. Categories for traps and syslog messages only works for events from a
- Message. The raw trap message includes the AP MAC Address, time sent, and other information. For syslog messages, AirWave doesn't display the numbers at the beginning of the message that indicate the severity and facility. For SNMP traps, AirWave tries to translate them into human-readable format. AirWave won't receive processed SNMP traps into the Device Event framework if the AirWave doesn't have the MIB file to translate the trap.
Syslog messages also appear in the Devices > Monitor page for controllers and in Clients > Client Detail pages under the Association History section.
You can filter most columns by clicking 
, and you can filter the messages after you enter a text into the Search field, as shown in Figure 1.
To change the historical data retention period, go to AMP Setup > General and update the Device Events (Syslog, Traps) field.
With the support for AOS 8.8.0.0 version, AirWave displays the wlsxClusterVlanProbeStatus trap correctly in the System > Syslog & Traps > Device Events section.
