Q: Is it possible to collect the server logs from the command line if the GUI is not accessible?
A: Yes, we can collect the logs from the ClearPass command line using the following command:
dump logs -f <output-file-name> [-s yyyy-mm-dd] [-e yyyy-mm-dd] [-n <days>] [-t <log-type>] [-h]
where,
-f = the output file to generate with the logs collected
-s = the start date for the date range (default is today)
-e = the end date for the date range (default is today)
-n = defines the date range as a number of days from today
-t = the type of logs to collect (can be specified multiple times)
For example:
The logs to be collected are selected by passing the following keywords to -t.
Types of logs to collect:
SystemLogs -> Collects system logs
PerformanceMetricsLogs -> Collects performance metrics logs
AirGroupLogs -> Collects logs from AirGroup notification service
ClearPassGuestLogs -> Collects logs from ClearPass Guest application
ConfigBackup -> Collects configuration backup (without passwords)
DiagnosticDumps -> Collects diagnostic dumps from ClearPass services
PolicyManagerLogs -> Collects logs from all PolicyManager services
Similarly, we can also collect packet captures from the CLI by specifying -t PacketCapture while collecting logs.
PacketCapture -> Capture packets for a fixed duration. Default is 60 seconds (set using -d 60).
Filter options:
-a = sets the source port
-A = sets the destination port
-b = sets the source IP
-B = sets the destination IP
-p = sets the protocol
-c = sets the number of packets to be captured
-C = sets the size limit of the log file
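Added examples, not part of the original article, combining the options listed above: the first collects system and Policy Manager logs for a fixed date range, the second collects system logs for a range of three days from today, and the third captures 120 seconds of traffic from one source IP to one destination port. The output file names, dates, IP address and port are constructed values, and the third line assumes the capture options are given on the same dump logs command line as -t PacketCapture.

```text
dump logs -f cppm-logs-example -s 2024-01-10 -e 2024-01-12 -t SystemLogs -t PolicyManagerLogs
dump logs -f cppm-recent-example -n 3 -t SystemLogs
dump logs -f cppm-capture-example -t PacketCapture -d 120 -b 192.0.2.10 -A 1812
```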
Using the dump command from the CLI, we can also export the ClearPass server certificate as well as the server trust chain.