This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Ruckus Wireless
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Syslog and Palo Alto User-ID

Wuff
New Contributor

‎05-12-2026 03:53 AM

Hello Community,

I have the following issue/request. I would like to forward an AD user’s Wi‑Fi login information via the syslog server of our VSZ 7.1.1.0872 to a Palo Alto User-ID agent.

Which setting do I need to configure on the VSZ Syslog so that this information is passed to the User-ID?

2026/05/08 08:09:16 206 Client authorization successfully Informational Client [Domain\wolf@10.0.0.62@38:7A:0E:D4:92:9D] of WLAN [HF-LAN] from AP [AP05@70:CA:97:08:50:60] was authorized. 2026/05/08 08:09:16 202 Client joined Informational Client [Domain\wolf@10.0.0.62@38:7A:0E:D4:92:9D] joined WLAN [HF-LAN] from AP [AP05@70:CA:97:08:50:60] on [b/g/n].

I assume I can then extract the details on the Palo Alto User-ID side using a regex. Thank you

0 Kudos
3 REPLIES 3

sanjay_kumar
Moderator
Moderator

‎05-12-2026 07:33 PM

Hi,

You can configure External Syslog Server under Services >> AP External Syslog Server >> Then enter the Palo Alto IP address.
However, it is not sure if the Palo Alto can take the Syslog details and extract the User ID details.

You can also try configuring the "Accounting Server" option in the SSID and point to the Palo Alto, which will forward the user accounting details. This should allow Palo Alto to extract the User ID details.

0 Kudos

Wuff
New Contributor
In response to sanjay_kumar

‎05-13-2026 12:13 AM

Hi sanjay_kumar,

and the global Syslog sever under Administration must also be configured? This Syslog Server is not enough to get the user login info?  At least I don’t see any entries related to this on the Graylog server.

If I configure this via the AP External Syslog Server, I don’t receive any entries on Graylog at all — do I need to do anything else to enable/apply this setting?
 
Thanks in advance!
 
cu
Wolfgang
0 Kudos

sanjay_kumar
Moderator
Moderator
In response to Wuff

‎05-13-2026 01:36 AM

Hi @Wuff,

Try below steps:

Step 1:
Configure External Syslog Server under Services >> AP External Syslog Server >> Then enter the Palo Alto IP address. >> Ensure "All Logs" is selected for "Send Logs" section.

Step 2 :
Go to Access Points >> Select the AP Zone and click on Edit >> Under Syslog >> Toggle "Enable external syslog server for APs" >> Select "AP External Syslog Server Profile" >> Select the Syslog profile you have created.

Again, it is not sure if the Palo Alto can take the Syslog details and extract the User ID details.

You can also try configuring the "Accounting Server" option in the SSID and point to the Palo Alto, which will forward the user accounting details. This should allow Palo Alto to extract the User ID details.

0 Kudos
Copyright © 2026 Khoros, LLC