Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Log AAA accounting info from clearpass to 3rd party servers

This thread has been viewed 4 times

  • 1.  Log AAA accounting info from clearpass to 3rd party servers

    Posted Jan 18, 2014 06:12 AM

    Hello Guys,

    '

    Is there an option in Aruba Clearpass to send all accounting information i.e. present under "Monitoring" (like user login to switch, commands using in switch, network utilization) to some external third party servers for logging?

     

    We could use that info in future references.

     

    Thank you,

    Bharani..



  • 2.  RE: Log AAA accounting info from clearpass to 3rd party servers
    Best Answer

    Posted Jan 18, 2014 05:59 PM
      |   view attached

    Here's what is available (6.2.4.58896):2014-01-18 17_57_26-ClearPass Policy Manager - Aruba Networks.png

     

    2014-01-18 17_55_34-ClearPass Policy Manager - Aruba Networks.png

    Read the user guide page 258

     

    Attachment(s)

    pdf
    Aruba_CPPM_User_Guide.pdf   8.38 MB 1 version


  • 3.  RE: Log AAA accounting info from clearpass to 3rd party servers
    Best Answer

    EMPLOYEE
    Posted Jan 18, 2014 06:09 PM
    There is also a feature request in for cppm to relay accounting but I don't have a commit version yet.


  • 4.  RE: Log AAA accounting info from clearpass to 3rd party servers

    Posted Sep 13, 2016 11:26 AM

    The feature to proxy accounting packets had been in CPPM since 6.5.x I think. Problem is that its slightly broken. I wanted to add a Filter-Id attribute to the accounting packets with the value of the inner-tunnel User-Name attribute stripped of any realm info and send it to a FreeRadius server for processing. It does do this but as of 6.6.0 still makes up the valiue of userid that gets sent in the Filter-Id attribute.

     

    Tested it on a standalone dev server and it seemed to work. Applied it to our 5 server production cluster and ..... it screwed up.