03-13-2015 08:26 AM
I am trying to write an alert in Insight that generates an email each time a user fails RADIUS authentication in ClearPass. I have it working with two issues.
1: It only generates an email every ten minutes listing all the failed auths in the last 10 minutes. I would like to generate 1 email per failure.
2: In the email I receive, it lists date, time, username, and error code (user auth failure). What I would ideally like is for it to be able to pull some more of the attributes from the Radius message and tell me the device it failed on, and the field in "Computed Attributes" for "Connection:Client-Mac-Vendor"
Is any of this possible? Attached is a screenshot of my alert as written. Any help is greatly appreciated.
10-15-2016 11:09 AM
have you managed to find answers to your questions?
I am trying to do similar thing, send 1 email for each Posture check that has Quarantine status. When i set threshold 1 in 1minute and there is not so much logs we can say that we get 1 email for 1 event. But sometimes we get multiple events in one email.
Also, in email we currently get only MAC address of the device but we would need at least Hostname and Posture check that is not Healthy.