07-17-2018 05:36 AM
It's been suggested that I can use a syslog export filter to send clearpass radius authentication and accounting info out to a remote syslog server... which in turn could push it into logstash.
The problem with just proxying the accounting via a service is that you don't get the auth info, just the accounting
Have made an inital stab at doing this but can't see any traffic on the remote server so obviously I'm doing something wrong. Anone out there doing this sort of thing?
Solved! Go to Solution.
07-17-2018 05:44 AM