Security

last person joined: 11 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Exporting radius authentication/accounting info via syslog

This thread has been viewed 7 times

  • 1.  Exporting radius authentication/accounting info via syslog

    Posted Jul 17, 2018 08:36 AM

    It's been suggested that I can use a syslog export filter to send clearpass radius authentication and accounting info out to a remote syslog server... which in turn could push it into logstash.

     

    The problem with just proxying the accounting via a service is that you don't get the auth info, just the accounting

     

    Have made an inital stab at doing this but can't see any traffic on the remote server so obviously I'm doing something wrong. Anone out there doing this sort of thing?

     

    Rgds

    Alex



  • 2.  RE: Exporting radius authentication/accounting info via syslog
    Best Answer

    EMPLOYEE


  • 3.  RE: Exporting radius authentication/accounting info via syslog

    Posted Jul 17, 2018 09:10 AM

    Sigh!

    Helps if you tell rsyslog to listen on apropriate UDP port for inbound traffic!

    many thanks

    A



  • 4.  RE: Exporting radius authentication/accounting info via syslog

    Posted Jul 17, 2018 09:32 AM

    What syslog facility/level is used to send logs to the server ?

     



  • 5.  RE: Exporting radius authentication/accounting info via syslog

    EMPLOYEE
    Posted Jul 17, 2018 09:39 AM
    I believe it’s level1


  • 6.  RE: Exporting radius authentication/accounting info via syslog

    Posted Jul 17, 2018 09:49 AM

    local1

     

    o.k. got radius logs being dumped into a single file called radius.log now

     

    thx

    A