Collecting ClearPass logs from Command Line.

By esupport posted Feb 21, 2017 06:28 PM

  
Q:

Is it possible to collect the server logs from the command line if the GUI is not accessible?



A:

Yes, we can collect the logs from the ClearPass command line using the following command:

 dump logs -f <output-file-name> [-s yyyy-mm-dd] [-e yyyy-mm-dd] [-n <days>] [-t <log-type>] [-h]
    where,
        -f = the output file to generate with the logs collected
        -s = the start date for the date range (default is today)
        -e = the end date for the date range (default is today)
        -n = use to define the date range as number of days from today
        -t = the type of logs to collect (can be specified multiple times)

For example:

We can specify the logs to be collected using the following keywords.

Types of logs to collect:
  SystemLogs             -> Collects system logs
  PerformanceMetricsLogs -> Collects performance metrics logs
  AirGroupLogs           -> Collects logs from AirGroup notification service
  ClearPassGuestLogs     -> Collects logs from ClearPass Guest application
  ConfigBackup           -> Collects configuration backup (without passwords)
  DiagnosticDumps        -> Collects diagnostic dumps from ClearPass services
  PolicyManagerLogs      -> Collects logs from all PolicyManager services

Similarly, we can also collect packet captures from the CLI by specifying -t PacketCapture while collecting logs.

 PacketCapture   -> Capture packets for a fixed duration. Default is 60 seconds (set using -d 60).
                     Filter Options
                     -a:Sets Source Port
                     -A:Sets Destination Port
                     -b:Sets Source IP
                     -B:Sets Destination IP
                     -p:Sets Protocol
                     -c:Sets number of packets to be captured
                     -C:Sets size limit of logfile

Using the dump command from the CLI, we can also export the ClearPass server certificate as well as the server trust chain.
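
The dump logs syntax and log-type keywords above, turned into a small shell helper that checks its arguments before printing a command line to type at the ClearPass CLI. This is an added example, not code from the original post or from ClearPass itself; the function names, the file-name restriction and the sample file name are assumptions, and it covers only -f, -s, -e and -t.

```shell
#!/bin/sh
# Added example: build_dump_logs is a hypothetical helper, not part of ClearPass.
# It validates its arguments and prints a `dump logs` command line; it runs nothing.

# Log-type keywords listed on this page.
CPPM_LOG_TYPES="SystemLogs PerformanceMetricsLogs AirGroupLogs ClearPassGuestLogs ConfigBackup DiagnosticDumps PolicyManagerLogs PacketCapture"

# Format check for yyyy-mm-dd (month 01-12, day 00-39; not a calendar check).
is_date() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-0[1-9]-[0-3][0-9]) return 0 ;;
    [0-9][0-9][0-9][0-9]-1[0-2]-[0-3][0-9]) return 0 ;;
  esac
  return 1
}

# Usage: build_dump_logs <output-file> <start|-> <end|-> <log-type>...
# A "-" for start or end omits that flag, so the CLI default (today) applies.
build_dump_logs() {
  [ "$#" -ge 4 ] || { echo "need output file, start, end, log type" >&2; return 1; }
  out=$1 start=$2 end=$3
  shift 3
  # Assumption of this helper, not a ClearPass rule: restrict the file name to
  # characters that need no quoting when the line is pasted into a session.
  case "$out" in
    ""|-*|*[!A-Za-z0-9._-]*) echo "bad output file name: $out" >&2; return 1 ;;
  esac
  cmd="dump logs -f $out"
  if [ "$start" != "-" ]; then
    is_date "$start" || { echo "bad start date: $start" >&2; return 1; }
    cmd="$cmd -s $start"
  fi
  if [ "$end" != "-" ]; then
    is_date "$end" || { echo "bad end date: $end" >&2; return 1; }
    cmd="$cmd -e $end"
  fi
  for t in "$@"; do
    # Exact-match each keyword against the list; reject anything else.
    case "$t" in ""|*[!A-Za-z]*) echo "bad log type: $t" >&2; return 1 ;; esac
    case " $CPPM_LOG_TYPES " in
      *" $t "*) cmd="$cmd -t $t" ;;
      *) echo "unknown log type: $t" >&2; return 1 ;;
    esac
  done
  printf '%s\n' "$cmd"
}

# Constructed sample: one week of system and Policy Manager logs.
build_dump_logs cppm-logs.tar.gz 2017-02-14 2017-02-21 SystemLogs PolicyManagerLogs
```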
