Trigger Email alert for Authentication Failure from Insight

By esupport posted May 22, 2019 02:50 PM

  • Insight should be enabled
  • SMTP Gateway should be configured
  • ClearPass Policy Manager (CPPM) requires outbound access to the SMTP gateway on the port for the connection security in use (None/SSL/StartTLS).


We can use ClearPass Insight to create alerts that trigger an email/SMS notification based on the filters available in the module.


Enabling Insight:
1. Log in to the Publisher (Policy Manager) and navigate to Administration -> Server Manager -> Server Configuration.

2. Select the Publisher or Subscriber node where Insight and Insight Master need to be enabled.

3. Select "Enable Insight" and "Enable as Insight Master".



Configuring SMTP:

4. Configure the email gateway in Policy Manager -> Administration -> External Servers -> Messaging Setup.


Configuring Alerts:

5. Navigate to Insight Master (Publisher/Subscriber) -> Alerts -> Create New Alert

    Configure Alert Name, Category, Notify by Email, Filter and Trigger option.

    Threshold: Number of authentications

    Interval: Time interval




1. Policy Manager -> Monitoring -> Live Monitoring -> Access Tracker shows the number of failed authentications.


1. Navigate to Insight -> Alerts to check the recent alerts triggered from the Insight module.


2. Sample email alert.


3. The alert will also be logged in the server logs under \PolicyManagerLogs\insight\insight.log.

2019-02-27 05:52:57,306 INFO   Alert [Authentication Failure] compute begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:52:57,306 INFO   Alert [Authentication Failure] hitcount3) begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:53:00,177 INFO   Alert [Authentication Failure] email done
2019-02-27 05:55:04,134 INFO   [al_auth_status]      [2019-02-27 05:40:04.126806+05:30] -> [2019-02-27 05:55:04+05:30] [134 ms
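
To confirm from insight.log that every alert evaluation that counted hits also sent its email, the log lines above can be paired up per alert. This is an added example, not ClearPass or author code; it assumes a "compute" line opens each evaluation and "email done" marks a sent notification, which is inferred only from the excerpt above, and the function names are hypothetical.

```python
import re

# First four lines are the excerpt from this page; the last two are
# constructed to show an evaluation whose email step was never logged.
SAMPLE_LOG = """\
2019-02-27 05:52:57,306 INFO   Alert [Authentication Failure] compute begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:52:57,306 INFO   Alert [Authentication Failure] hitcount3) begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:53:00,177 INFO   Alert [Authentication Failure] email done
2019-02-27 05:55:04,134 INFO   [al_auth_status]      [2019-02-27 05:40:04.126806+05:30] -> [2019-02-27 05:55:04+05:30] [134 ms
2019-02-27 06:07:57,410 INFO   Alert [Authentication Failure] compute begin_dt2019-02-27 06:00:00+05:30
2019-02-27 06:07:57,411 INFO   Alert [Authentication Failure] hitcount5) begin_dt2019-02-27 06:00:00+05:30
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+\w+\s+"
    r"Alert \[(?P<name>[^\]]+)\]\s+(?P<rest>.*)$"
)
HITCOUNT_RE = re.compile(r"hitcount\D{0,2}(\d+)")  # tolerant of missing brackets

def summarize_alerts(text):
    """Return one dict per alert evaluation: name, start time, hits, emailed."""
    runs, open_run = [], {}
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # non-alert lines such as [al_auth_status]
        name, rest = m["name"], m["rest"]
        if rest.startswith("compute"):  # assumed start of an evaluation
            run = {"alert": name, "started": m["ts"], "hits": None, "emailed": False}
            runs.append(run)
            open_run[name] = run
        elif name in open_run:
            hit = HITCOUNT_RE.search(rest)
            if hit:
                open_run[name]["hits"] = int(hit.group(1))
            elif rest.startswith("email done"):  # assumed to mean notification sent
                open_run[name]["emailed"] = True
    return runs

def unsent(runs):
    """Evaluations that counted hits but never logged 'email done'."""
    return [r for r in runs if r["hits"] and not r["emailed"]]

if __name__ == "__main__":
    for r in summarize_alerts(SAMPLE_LOG):
        print(r)
    print("hits without email:", unsent(summarize_alerts(SAMPLE_LOG)))
```

An entry returned by `unsent` is a prompt to recheck the Messaging Setup and the outbound SMTP path listed in the prerequisites.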
