Requirement:
- Insight should be enabled
- SMTP Gateway should be configured
- CPPM will require outbound access to the SMTP gateway through None/SSL/StartTLS port.
Solution:We can use ClearPass Insight to create alerts to trigger email/sms based on the filters available in the module.
Configuration:Enabling Insight:
1. Login to the Publisher (Policy Manager) and navigate to Administration -> Server Manager -> Server Configuration
2. Select the Publisher or Subscriber node where Insight and Insight Master needs to be enabled.
3. Select "Enable Insight" and "Enable as Insight Master"
Configuring SMTP:
4. Configure email gateway in Policy Manager -> Administration -> External Servers -> Messaging Setup.
Configuring Alerts:
5. Navigate to Insight Master (Publisher/Subscriber) -> Alerts -> Create New Alert
Configure Alert Name, Category, Notify by Email, Filter and Trigger option.
Threshold: Number of Authentication
Interval: Time interval
Verification1. Policy Manager -> Monitoring -> Live Monitoring -> Access Tracker shows the number of failed Authentication.
1. Navigate to Insight -> Alerts to check the recent alerts triggered from Insight module.
2. Sample email alert.
3. The alert will also be logged in the server logs under \PolicyManagerLogs\insight\insight.log.
2019-02-27 05:52:57,306 INFO Alert [Authentication Failure] compute begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:52:57,306 INFO Alert [Authentication Failure] hitcount3) begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:53:00,177 INFO Alert [Authentication Failure] email done
2019-02-27 05:55:04,134 INFO [al_auth_status] [2019-02-27 05:40:04.126806+05:30] -> [2019-02-27 05:55:04+05:30] [134 ms