Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass logs?

This thread has been viewed 14 times

  • 1.  ClearPass logs?

    Posted Nov 08, 2016 07:55 AM

    Hello I have few questions and doubts about logging in ClearPass.

    Is it normal that we have logs only from 7 days (14 max)? What we have to do to have longer history about RADIUS logs??

    Is anybody know how to decrease logs size? Is there any best practice for that? In chatty envoirment I notice that logs takes something about 50GB per day. Is it normal?

    I will be very appreciated for your answers.

     



  • 2.  RE: ClearPass logs?

    EMPLOYEE
    Posted Nov 08, 2016 07:59 AM
    7 days is the default. Insight can be used for reporting, but if you need
    long term logs, it's recommended to export to a SIEM.



    In terms of log size, that seems very high. Do you have debugs enabled?


  • 3.  RE: ClearPass logs?

    Posted Nov 08, 2016 09:22 AM

    No I don't. All logs levels are set on default (mostly INFO)

    Is there any formula or example value showing what logs size is normal.

    For example for 100k daily request it will be xxGB?? If you have any example I will be very grateful. 



  • 4.  RE: ClearPass logs?

    EMPLOYEE
    Posted Nov 08, 2016 09:25 AM
    I would work with TAC first to see why your logs are so high then work with local SE and Clearpass SE and partner to make sure your system is designed correctly for logging.