Security

Reply
Occasional Contributor II

The username filed in the CPPM_Endpoint_Profile logs is always NULL

I can see the username field is filled in within the ClearPass TIPS UI, but that value is not being sent in the EndPoint logs.

 

Other questions

  • Why is it username and not user_name like it is in the other logs?
  • What scenarios result in the CPPM_Endpoint_Profile log line being written? It seems to be creates and updates, but what causes an update it all the data is the same every

 

Guru Elite

Re: The username filed in the CPPM_Endpoint_Profile logs is always NULL

The attribute name is "Username". It's a real attribute, not computed.

The profile data is updated every time the device does a DHCP discover.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: The username filed in the CPPM_Endpoint_Profile logs is always NULL

OK, that that covers when it occurs. That is helpful, since it explains why the wireless devies are updating all the time and the wired one rarely do.

 

So what needs to/can be done to get the username to actually populate in the logs sent out via syslog?

Guru Elite

Re: The username filed in the CPPM_Endpoint_Profile logs is always NULL

You will only receive the username during authentication and accounting
events.



If you are trying to use that as a lookup, you would want to use the Splunk
SQL lookup add-in using the ClearPass appexternal account.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: