04-20-2016 12:25 PM
We're using Syslog Export Filters to keep track of user login attempts in order to build an Access Tracker-like tool that also interfaces with some of our other systems. The tool is up and running and works pretty well but unfortunately ClearPass seems to hold requests for about 2 minutes before sending them all in a large batch.
Is there any way to change how often it sends the requests? It would be beneficial if our tool could be updated more frequently.
Solved! Go to Solution.
04-20-2016 01:30 PM - edited 04-20-2016 07:56 PM
This is a limitation of the batching today of the syslog export, its not real-time. We have had a number of conversations to reduce the batch window but no immediate plans.
Snr Tech Marketing Engineer - ClearPass
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
04-20-2016 02:05 PM
Thank you for the quick response even though it's not the answer I was hoping to get. Is there any other way of retrieving login attempts from CPPM? And what is keeping Aruba from making the batching window configurable?
04-21-2016 01:18 AM
Authentication logging goes through the database, which facilitates centralized logging in cluster environments, however makes real-time syslog events somewhat challenging and requires fundamental changes in the way how logging is implemented. The log viewer in the product is real-time.
Please ask your partner, or if you are a partner to go to the idea portal in the Partner Center to add your specific requirements to the idea with the name: "ClearPass sent all events to external syslog immediately".
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).