Security

I am running CPM 6.4.1.6.

I want to create a filter under Analysis and Trending that shows the Online Status Data of online or offline. 

This is the field I am referring to under Request Details for Access Tracker

This is a simple Data Filter I made to test that does an OR on the two fields I beleive refer to "Online Status".

The issue is I am not returning any results. 

Thanks for any feedback.

The "online" status is tied to radius accounting.  Do you have your NAS sending radius accounting information in your environment to ClearPass?

Thanks Joe. Yes, I can see differentiation between offline/online/disabled in access tracker.

I checked out the radius accounting as you suggested and thought I found it, but still not working.

When I inspect the element it looks like using "contains" offline/online should work.

The field I am looking in under Radius Accounting is "Acct-Status-Type"

Do you have this enabled ?

Yes, i do.

Am I searching the correct field now?

"RADIUS Acct-Status-Type"

That is not the built-in Status you are seeing. That is a RADIUS attribute. I'm not sure you can currently do what you are trying.

I find it odd that it's an informational field and I can't filter by it?

It's not the field you are looking for. The online status is a ClearPass calculated field. The one you are seeing is an IETF RADIUS attribute.

Understood thanks, if i can not filter by the calculated field is there another attribute that I can filter by that would accomplish my end goal?

Endpoint Online status is computed from InsightDb and the query is as follows:

SELECT end_time IS null AS online FROM radius_acct WHERE calling_station_id='%{Connection:Client-Mac-Address-NoDelim}' ORDER BY updated_at DESC LIMIT 1;";

Kudos!

I entered that in the custom SQL though and im getting this error:

EDIT: Okay i see what you mean, that wasn't a custom query that can be ran in the datafilter custom SQL but it may help extract the info.