Security

Reply
Occasional Contributor II
Posts: 16
Registered: ‎07-28-2015

ClearPass logs?

Hello I have few questions and doubts about logging in ClearPass.

Is it normal that we have logs only from 7 days (14 max)? What we have to do to have longer history about RADIUS logs??

Is anybody know how to decrease logs size? Is there any best practice for that? In chatty envoirment I notice that logs takes something about 50GB per day. Is it normal?

I will be very appreciated for your answers.

 

Guru Elite
Posts: 8,638
Registered: ‎09-08-2010

Re: ClearPass logs?

7 days is the default. Insight can be used for reporting, but if you need
long term logs, it's recommended to export to a SIEM.



In terms of log size, that seems very high. Do you have debugs enabled?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 16
Registered: ‎07-28-2015

Re: ClearPass logs?

[ Edited ]

No I don't. All logs levels are set on default (mostly INFO)

Is there any formula or example value showing what logs size is normal.

For example for 100k daily request it will be xxGB?? If you have any example I will be very grateful. 

Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: ClearPass logs?

I would work with TAC first to see why your logs are so high then work with local SE and Clearpass SE and partner to make sure your system is designed correctly for logging.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: