Security

Reply
Valued Contributor I

Exporting radius authentication/accounting info via syslog

It's been suggested that I can use a syslog export filter to send clearpass radius authentication and accounting info out to a remote syslog server... which in turn could push it into logstash.

 

The problem with just proxying the accounting via a service is that you don't get the auth info, just the accounting

 

Have made an inital stab at doing this but can't see any traffic on the remote server so obviously I'm doing something wrong. Anone out there doing this sort of thing?

 

Rgds

Alex

Guru Elite

Re: Exporting radius authentication/accounting info via syslog

Valued Contributor I

Re: Exporting radius authentication/accounting info via syslog

Sigh!

Helps if you tell rsyslog to listen on apropriate UDP port for inbound traffic!

many thanks

A

Valued Contributor I

Re: Exporting radius authentication/accounting info via syslog

What syslog facility/level is used to send logs to the server ?

 

Guru Elite

Re: Exporting radius authentication/accounting info via syslog

I believe it’s level1

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Valued Contributor I

Re: Exporting radius authentication/accounting info via syslog

local1

 

o.k. got radius logs being dumped into a single file called radius.log now

 

thx

A

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: