Splunk

Aruba Employee

ClearPass provides the capability to send various kinds of Authentication, Authorization and Accounting events as RFC 5424 compliant Syslog messages to any Syslog receiver when endpoints authenticate to the network. Splunk is a log management/SIEM solution that can receive Syslog messages from multiple sources. These messages are stored within Splunk and then can be correlated, searched, analyzed and displayed using its graphical user interface. 

 

The ClearPass for SPLUNK application provides administrators with a rich set of dashboards to visualize and navigate the wealth of information captured by ClearPass.  Whether its for capacity planning, authentication troubleshooting, security event correlation or detailed forensics, this application can be easily navigated by users of all levels to gain valuable insight into ClearPass and the broader network environment.

Specifications

 

Tips & Tricks

This is a native ClearPass integration. Refer to API documentation above for more information.

 

ClearPass for SPUNK download page: http://apps.splunk.com/app/1895

Supporting XML file for configuring ClearPass Syslog filters:

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=15500

 

Version history
Revision #:
8 of 8
Last update:
‎11-21-2014 09:17 AM
Updated by:
 
Labels (3)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.