
CPPM Syslog Export - skips events sometimes

I have configured RADIUS-success and RADIUS-failure syslog export filters which appear to send the data I need.

A search of the forums answered the first question ("why the delay") but not the second:

Why do some events I can see clearly in the activity-monitor never get sent to syslog?

We have made a test with 10 or so of us connecting with good credentials and then with bad ones, and appear to lose one or two in 10.

Has anyone else seen this?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it

Re: CPPM Syslog Export - skips events sometimes

Can you please verify whether the syslog messages are already missing when ClearPass sends them out, or whether they get lost in transport or on the syslog server, which may do some rate limiting?

To check that out, I would do a 'Collect Logs' from the Server Configuration part of ClearPass where everything is unticked; just do the packet capture. Then, while the capture is running, generate logs and compare the syslog packets sent out with Access Tracker and the received logs on your syslog server.

If the logs do not go out according to the packet capture, you should open a case with your Aruba partner or Aruba TAC.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
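The three-way comparison described in the reply above, as an added example that is not part of the original posts or any Aruba tooling: it sorts each Access Tracker event into "never sent by ClearPass" or "sent but lost in transport or on the syslog server". The sample lines are constructed, and the `session_id=` key and ID format are assumptions standing in for whatever unique field your export filter includes.

```python
import re

# Constructed sample data. The "session_id=" key is an assumption, not the
# real ClearPass export format; use a field that is unique per request.
ACCESS_TRACKER_IDS = ["R0001", "R0002", "R0003", "R0004", "R0005"]

# Syslog payloads taken from the packet capture on ClearPass (constructed).
CAPTURED = [
    "<143>Jan 10 10:00:01 cppm1 RADIUS-success session_id=R0001 user=alice",
    "<143>Jan 10 10:00:02 cppm1 RADIUS-failure session_id=R0002 user=bob",
    "<143>Jan 10 10:00:04 cppm1 RADIUS-success session_id=R0004 user=dave",
    "<143>Jan 10 10:00:05 cppm1 RADIUS-failure session_id=R0005 user=erin",
]

# Lines as stored by the syslog server for the same time window (constructed).
RECEIVED = [
    "Jan 10 10:00:01 cppm1 RADIUS-success session_id=R0001 user=alice",
    "Jan 10 10:00:04 cppm1 RADIUS-success session_id=R0004 user=dave",
    "Jan 10 10:00:05 cppm1 RADIUS-failure session_id=R0005 user=erin",
]

ID_RE = re.compile(r"\bsession_id=(\S+)")


def extract_ids(lines):
    """Return the set of session IDs found in syslog lines.

    Lines without an ID (other log sources, truncated messages) are ignored.
    """
    return {m.group(1) for line in lines if (m := ID_RE.search(line))}


def localize_loss(tracker_ids, captured_lines, received_lines):
    """Classify every Access Tracker event by where it disappeared."""
    tracker = set(tracker_ids)
    sent = extract_ids(captured_lines)
    received = extract_ids(received_lines)
    return {
        # In Access Tracker but absent from the capture: ClearPass never sent it.
        "never_sent": sorted(tracker - sent),
        # On the wire but not stored: transport loss or server-side rate limiting.
        "lost_after_send": sorted((tracker & sent) - received),
        "delivered": sorted(tracker & sent & received),
        # Stored but not captured: the capture window did not cover the test.
        "received_not_in_capture": sorted(received - sent),
    }


if __name__ == "__main__":
    for stage, ids in localize_loss(ACCESS_TRACKER_IDS, CAPTURED, RECEIVED).items():
        print(f"{stage}: {ids}")
```

A non-empty `received_not_in_capture` list means the capture and the test window do not line up, so rerun the capture before drawing conclusions from the other lists.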