Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Syslog with ClearPass

This thread has been viewed 5 times

  • 1.  Syslog with ClearPass

    Posted Sep 11, 2017 11:05 AM

    Hi All

     

    I've been testing Clearpass for use with eduroam and am just setting up the logging to our Syslog server. I have created a new Data Filter that looks for ( Common:Service CONTAINS eduroam ), and the logging is working for Accepts and Rejects. During my testing I took too long to login and received a TIMEOUT in Access Tracker, however this was not logged to Syslog. Does anyone know why Timeouts are not logged to Syslog.

     

    Clearpass Version is 6.5.7

     

    Thanks

     

    Dave



  • 2.  RE: Syslog with ClearPass

    EMPLOYEE
    Posted Sep 11, 2017 11:07 AM

    Is that the only rule in the data filter?

    When you apply the same data filter in Access Tracker, are the timeouts also not visible?



  • 3.  RE: Syslog with ClearPass

    Posted Sep 11, 2017 11:13 AM

    Hi Tim

     

    Yep, that is the only rule in the data filter.

    When I apply the filter to access tracker I can see the timeouts but I can't see them in Syslog, I can see every other request for that service but not the timeouts.

     

    Thanks

     

    Dave



  • 4.  RE: Syslog with ClearPass

    EMPLOYEE
    Posted Sep 11, 2017 11:22 AM
    If you’re seeing them in AT, you should be seeing them via Syslog. Please open a TAC case.


  • 5.  RE: Syslog with ClearPass

    EMPLOYEE
    Posted Sep 11, 2017 11:22 AM
    If you’re seeing them in AT, you should be seeing them via Syslog. Please open a TAC case.