03-27-2014 08:17 AM
Spent quite some time debugging why some people authenticating to our ClearPass (or those sponsoring the authentication) did not get any email notification. Turned out to be our Exchange environment, which was not permitting relaying mail for specific domains.
Such things are quickly visible in a Linux environment by checking /var/log/maillog or syslog (where we should see relaying denied). However, I did not find any means of shell access.
Is there a way to get shell access? Any way to configure a loghost?
03-27-2014 08:20 AM - edited 03-27-2014 08:22 AM
Shell access is only available with TAC assistance (one time password).
You can configure syslog reporting under Administration > External Servers > Syslog Targets
Configure your logging levels under Administration > Server Manager > Log Configuration
05-06-2015 11:12 AM
Tim - I had the same question. So thanks. But now I have a follow-up question for you.
Under "Server Manager" > "Log Configuration"... I see two tabs where I can set the "syslog levels". Do you know what the difference is from one to the other? More importantly, which of these two applies to the "Syslog Targets"?
I presume the options under "Log Config.." > "System Level"... apply only to syslogs that get generated by the ClearPass server specifically... NOT necessarily what is sent to the "Syslog Targets", is that right?
05-06-2015 01:01 PM
05-06-2015 01:38 PM
Yes, that's the obvious part. But what I was trying to figure out is the "logging level". I wasn't sure if the logging level that is defined under "Server Manager" > "Log Configuration" also applies to the "Syslog Targets". It looks like both are related.
If I configure a "Syslog Target" but I leave my "server manager > log config" unconfigured... then nothing gets sent to the "syslog target".
I then configure both and I leave the "system levels" at default (WARN) then my syslog target does get any session logs that match my export filter. Regardless of what system levels I configure under server manager. Which is what I had expected.
It just takes a little more time for the export filter stuff to get sent out versus the normal syslog stuff.
Sorry for the confusion. I am still getting used to the nuances...