Security

Hello,

 

I'm wondering if anyone out there has written any clever alerts in Clearpass Insight that they might be able to share.  I'm looking into beefing up our monitoring of our CPPM production deployment.

 

I'm specifically interested in monitoring the license usage as a percentage of the unique authentications allowed.  I'd like to know if we're at 85-90% of the 500/5k threshholds ideally, but definitely want an alert when we reach capacity.  I assume a warn/error log entry is thrown when this happens.  Anyone know what that looks like and whether or not it's something I can catch in Insight?

 

Thanks,

 

Jason

As of today most use the system alerts built into the cluster wide settings. You can also set alerts in insight for system events. I don't belive you can do capacity alerts but I will check. You can also send all the information your looking for to a syslog server and you can create alerts in it. There is a slunk app built that will give you everything you listed.

https://ase.arubanetworks.com/solutions/id/70

Thanks, I do have the clusterwide alerts enabled and working.  Their somewhat noisy though (at the moment, at least) as I have them set to send out both warnings and errors.  I'll look into catching this in splunk, but the thing is I haven't seen any license related warnings yet, so right now I'm not sure I'll know what I'm looking for until it's too late.  That is, unless the splunk app has all that built in...

Yes it does. :-) The guys did a great job of setting baseline matrix. There will be an event notification if you do hit your lic limit.

 

 

 

 

You can get the SPLUNK app for frre from here.....

 

https://apps.splunk.com/app/1895/

 

Also, to add, in our next release we will release a Private MIB that can be complied in to your favorite NMS to provide additional monitoring for ClearPass OID's to extend the management of ClearPass.