New Contributor

ClearPass Syslog Export Filter Update Frequency

We're using Syslog Export Filters to keep track of user login attempts in order to build an Access Tracker-like tool that also interfaces with some of our other systems. The tool is up and running and works pretty well but unfortunately ClearPass seems to hold requests for about 2 minutes before sending them all in a large batch. 


Is there any way to change how often it sends the requests? It would be beneficial if our tool could be updated more frequently.




Re: ClearPass Syslog Export Filter Update Frequency

This is a limitation of the batching today of the syslog export, its not real-time. We have had a number of conversations to reduce the batch window but no immediate plans.

Best Regards

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor

Re: ClearPass Syslog Export Filter Update Frequency

Hi Danny,


Thank you for the quick response even though it's not the answer I was hoping to get. Is there any other way of retrieving login attempts from CPPM? And what is keeping Aruba from making the batching window configurable? 



Re: ClearPass Syslog Export Filter Update Frequency

Authentication logging goes through the database, which facilitates centralized logging in cluster environments, however makes real-time syslog events somewhat challenging and requires fundamental changes in the way how logging is implemented. The log viewer in the product is real-time.


Please ask your partner, or if you are a partner to go to the idea portal in the Partner Center to add your specific requirements to the idea with the name: "ClearPass sent all events to external syslog immediately".

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: