Contributor I
Posts: 34
Registered: ‎03-19-2015

tipsLogDb

Hi guys,

I need to define a custom source (SQL). Is it possible to check what the custom query's output is on the ClearPass? For example, what is the output of the following query:

SELECT d.attr_value
FROM tips_session_log_details d, tips_dashboard_summary s
WHERE s.id = d.session_id
  AND s.user_name = '%{Authentication:Username}'
  AND s.source = 'RADIUS'
  AND s.timestamp > now() - interval '5 minutes'
  AND d.attr_name = 'Radius:Cisco:Cisco-AVPair'
  AND d.attr_value LIKE 'audit-session-id%'
LIMIT 1;

Thanks,
Balazs
Guru Elite
Posts: 8,338
Registered: ‎09-08-2010

Re: tipsLogDb

You can use the appexternal account to connect to the postgres database and run queries/browse the tables. 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
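
To run the filter from the first post over an appexternal connection, the %{Authentication:Username} placeholder has to be given a value by hand. The following is an added example, not part of the thread or of ClearPass: it turns the filter into a bound-parameter statement for a Python DB-API driver such as psycopg2 (an assumption; the function names are hypothetical) and doubles the LIKE wildcard's % so the driver does not misread it.

```python
import re

# Query from the first post, with its ClearPass %{...} placeholder.
CLEARPASS_FILTER = (
    "SELECT d.attr_value FROM tips_session_log_details d, tips_dashboard_summary s "
    "WHERE s.id = d.session_id AND s.user_name = '%{Authentication:Username}' "
    "AND s.source = 'RADIUS' AND s.timestamp > now() - interval '5 minutes' "
    "AND d.attr_name = 'Radius:Cisco:Cisco-AVPair' "
    "AND d.attr_value LIKE 'audit-session-id%' LIMIT 1"
)

# A placeholder, either wrapped in single quotes (as in the filter) or bare.
_PLACEHOLDER = re.compile(r"'%\{([^}]+)\}'|%\{([^}]+)\}")


def to_parameterized(filter_sql, values):
    """Return (sql, params) in DB-API 'format' style (%s markers).

    Each %{Name} becomes a bound parameter, so a test value containing a
    quote cannot change the statement. Every other % (the LIKE wildcard)
    is doubled, because the driver treats a bare % as a format marker.
    """
    parts, params, pos = [], [], 0
    for m in _PLACEHOLDER.finditer(filter_sql):
        name = m.group(1) or m.group(2)
        if name not in values:
            raise KeyError(f"no test value supplied for %{{{name}}}")
        parts.append(filter_sql[pos:m.start()].replace("%", "%%"))
        parts.append("%s")
        params.append(values[name])
        pos = m.end()
    parts.append(filter_sql[pos:].replace("%", "%%"))
    return "".join(parts), params


def demo():
    # Constructed test username; the embedded quote shows why binding matters.
    return to_parameterized(CLEARPASS_FILTER, {"Authentication:Username": "o'brien"})


if __name__ == "__main__":
    sql, params = demo()
    print(sql)
    print(params)
    # With a driver installed and a connection opened as appexternal:
    #   cur.execute(sql, params)
```
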
Contributor I
Posts: 34
Registered: ‎03-19-2015

Re: tipsLogDb

Thank you!

Thanks,
Balazs
Frequent Contributor I
Posts: 77
Registered: ‎03-24-2013

Re: tipsLogDb

Did this Q work? It is for Cisco ASA VPN CoA. Please let me know if you were able to make this work.

Thank you.

Contributor I
Posts: 34
Registered: ‎03-19-2015

Re: tipsLogDb

Hi,

This question is out of date, because ClearPass can fetch the Radius:Cisco:Cisco-AVPair attributes from the RADIUS query as of ClearPass 6.6, as I remember. But keep in mind this solution works only if the OnGuard Agent is in Authentication with health check status.

I hope this helps.

Thanks,
Balazs
Frequent Contributor I
Posts: 77
Registered: ‎03-24-2013

Re: tipsLogDb

Thanks for responding. We are seeing the attributes in the RADIUS request but are not able to fetch them while doing CoA. Any idea how to do so? The mentioned Q does not work.

Guru Elite
Posts: 8,338
Registered: ‎09-08-2010

Re: tipsLogDb

You need to:

  1. Ensure you are on ClearPass 6.6.0 or greater
  2. Change your ASA from CiscoASA to Cisco in the NAD definition
  3. Create a new CoA profile and add:
    Radius:Cisco	Cisco-AVPair	=	%{Radius:Cisco:Cisco-AVPair}

Example: [screenshot: Screen Shot 2017-03-04 at 10.20.52 AM.png]


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 77
Registered: ‎03-24-2013

Re: tipsLogDb

Hi,

Tried it, but without the service type field it didn't work when tested with us... TAC adjusted the custom audit session query and it worked fine after testing for 8 hrs :).

With Cisco AVPair, will the health check service be able to fetch the session ID correctly?

I will try to test with Cisco AVPair again and check if it works, since I might have missed something.

Thanks a million