Security

Reply
Contributor II
Posts: 66
Registered: ‎01-25-2013

logging in clearpass

Hi,

 

spent quite a time debugging why some people authenticating to our Clearpass (or those sponsoring the authentication) did not get any email notification.  Turned out to be our Exchange environment which was not permitting relaying mail for specific domains.

 

Such things are quickly visible in a linux environment by verifying the /var/log/maillog or syslog (where we should see relaying denied).  However i did not find any means of shell access.

 

Is there a way to get shell access?  Any way to configure a loghost? 

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: logging in clearpass

[ Edited ]

Shell access is only available with TAC assistance (one time password).

 

You can configure syslog reporting under Administration > External Servers > Syslog Targets

 

Configure your logging levels under Administration > Server Manager > Log Configuration


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎02-18-2015

Re: logging in clearpass

Tim - I had the same question.  So thanks.  But now I have a followup question for you.  

 

Under "Server Mangaer" > "Log Configucation"... I see two tabs were I can set teh "syslog levels"  Do you know what's the difference from one to the other?  More importantly which of these two applies to the "Syslog Targets"?   

 

I presume the options under "Log Config.." > "System Level"... Applies only to syslogs that get generated by the ClearPass server specific... NOT necessarily what is sent to the "Syslog Targets" is that right?  

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: logging in clearpass

Syslog targets are tied to Syslog Export Filters.

 

If you wanted these system events, you would create an export filter with the "System Events" template and then add the syslog server target to the filter.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎02-18-2015

Re: logging in clearpass

Yes that's the obvious part.  But what I was trying to figure out is the "logging level".  I wasn't sure if the logging level that is defined under "Server Manager"  > "Log Configuration" also applies to the "Syslog Targets".   It looks like both are related.  

 

If configure a "Syslog Target" but I leave my "server manager > log config" unconfigured... Then nothing gets sent to the "syslog target".

 

I then configure both and I leave the "system levels" at default (WARN) then my syslog target does get any session logs that match my export filter. Regardless of what system levels I configure under server manager. Which is what I had expected.

 

It just takes a little more time for the export filter stuff to get sent out versus the normal syslog stuff. 

 

Sorry for the confusion.  I am still getting used to the nuaces...  

Search Airheads
Showing results for 
Search instead for 
Did you mean: