Security

Reply
Frequent Contributor I
Posts: 74
Registered: ‎03-17-2016

ClearPass server not sending syslog messages

I've followed the User Guide by creating a new export destination server and then creating several syslog export filters.  I made sure to select the right syslog export destination as well as the subscriber servers I want to send logs from.  The destination server does not appear to be receiving anything despite me seeing several accounting messages on CPPM's access tracker.

 

I ran a packet capture on the port leading to the CPPM server in question that is authenticating users, but I don't see any traffic coming out of it destined for the export destination.  I've specifically create several RADIUS/TACACS+ policies and included all the available options under the filter, so I'm not sure what is wrong at this point.

 

All of my syslog export filters are shown as Enabled.

Wireless newb
Aruba Employee
Posts: 513
Registered: ‎02-19-2015

Re: ClearPass server not sending syslog messages

Hi Patrick,

 

We need to check syslogs to see why Clearpass is not able to export the logs to exteranl server, for this we need CLI access.

 

If you are using any ASCII characters in password, try reset the cluster password once without any special characters from Administration » Server Manager » Server Configuration  > Change Cluster password and check the status, if that does not reslove, please open TAC ticket to troubleshoot the issue further.

 

Regards,
Pavan

Frequent Contributor I
Posts: 74
Registered: ‎03-17-2016

Re: ClearPass server not sending syslog messages

I've created some dump logs to review and I can't seem to find a reason why this is happening.  I was able to collect them from the web UI by going to Configuration -> Server manager -> Server configuration, then clicking the radio button for the server I wanted logs from and clicking Collect Logs.

 

What log file in the .tar.gz package contains the information on why this would be failing?

Wireless newb
Search Airheads
Showing results for 
Search instead for 
Did you mean: