Security

Reply
Contributor II
Posts: 54
Registered: ‎11-24-2014

Reference RADIUS Alerts

Does anyone know how to reference the specific alerts in the access log to send to a external context server? For example, if I want to reference the username, I would use %{Authentication:Username}. Specifically, I am interested in referencing the RADIUS alerts to send the specific failure reason in a helpdesk ticket (see screenshot)

 

Thanks!

Guru Elite
Posts: 21,260
Registered: ‎03-29-2007

Re: Reference RADIUS Alerts

You could use an external syslog and parse for "Common.Alerts-Present<>0"

 

<143>2014-04-03 10:03:56,535 10.17.6.54 All Session Log Fields 0 1 0 Common.Alerts-Present=0,Common.Audit-Posture-Token=UNKNOWN,Common.Auth-Type=,Common.Enforcement- Profiles=EAI ClearPass Identity Provider (SAML IdP Service) Profile,Common.Error- Code=0,Common.Host-MAC-Address=,Common.Login-Status=ACCEPT,Common.Monitor- Mode=Disabled,Common.Request-Id=W00000037-01-533ce4a8,Common.Request-Timestamp=2014-04-03 10:03:44.785+05:30,Common.Roles=[User Authenticated],Common.Service=EAI ClearPass Identity Provider (SAML IdP Service),Common.Source=Application,Common.System-Posture-Token=UNKNOWN,Common.Username=prem4,WEBAUTH.Auth-Source=ClearPass Lab AD,WEBAUTH.Host-IP- Address=127.0.0.1,Common.Alerts=WebAuthService: User 'prem4' not present in [Local User Repository](localhost),
<143>2014-04-03 12:01:59,542 10.17.6.54 All Session Log Fields 2 1 0 Common.Alerts- Present=0,Common.Audit-Posture-Token=UNKNOWN,Common.Auth-Type=,Common.Connection- Status=Unknown,Common.Enforcement-Profiles=Prem650 wireless access Aruba 802.1X Wireless Profile1,Common.Error-Code=0,Common.Host-MAC-Address=bc20a4d791f0,Common.Login- Status=ACCEPT,Common.Monitor-Mode=Disabled,Common.NAS-IP-Address=10.20.22.85,Common.NAS- Port=0,Common.Request-Id=R0000001f-01-533d0045,Common.Request-Timestamp=2014-04-03 12:01:33+05:30,Common.Roles=[User Authenticated],Common.Service=Aruba ASO,Common.Source=RADIUS,Common.System-Posture- Token=UNKNOWN,Common.Username=prem3,RADIUS.Auth-Method=MSCHAP,RADIUS.Auth- Source=AD:adisam.arubapoc.local,

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=13860



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 54
Registered: ‎11-24-2014

Re: Reference RADIUS Alerts

Was hoping for an easy solution haha. Thank you anyway!

Search Airheads
Showing results for 
Search instead for 
Did you mean: