Security

I am looking for possibility to filter Access Tracker logs by "Client IP" but can not find a filter available for the purpose on default filters, also not sure how to add a new filter. Any ideas?

------------------------------
SG
------------------------------

Here is one way that I've used before, not perfect but it works. The issue is you need to filter on the Accounting Framed-IP, this is not directly exposed in AT. So go to Data-Filter, create a new one like the below as an example...



------------------------------
Danny Jump
"Passionate about CPPM"
------------------------------

Original Message:
Sent: Jan 04, 2021 04:26 AM
From: Sunil Gajjar
Subject: ClearPass monitoring access tracker to search Client IP

I am looking for possibility to filter Access Tracker logs by "Client IP" but can not find a filter available for the purpose on default filters, also not sure how to add a new filter. Any ideas?

------------------------------
SG
------------------------------

Hi Danny, 

Thanks for your reply and showing me process to create/use data filter, I appreaciate it!
 
I forgot to mention that I am using TACACS wherein I don't see adding any IP address option other than "Remote-Address" and Remote-Address is for the address of the user machine trying to connect to the NAD-Client device configured for TACACS authentication. 

Any other way to filter for "NAD-IP-Address" or "Client IP" for TACACS?


------------------------------
Sunil Gajjar
------------------------------

Original Message:
Sent: Jan 04, 2021 03:19 PM
From: Danny Jump
Subject: ClearPass monitoring access tracker to search Client IP

Here is one way that I've used before, not perfect but it works. The issue is you need to filter on the Accounting Framed-IP, this is not directly exposed in AT. So go to Data-Filter, create a new one like the below as an example...

The in AT, change the query to use your data-filter.....

Now you see only session for this address.....

HTH

------------------------------
Danny Jump
"Passionate about CPPM"

Original Message:
Sent: Jan 04, 2021 04:26 AM
From: Sunil Gajjar
Subject: ClearPass monitoring access tracker to search Client IP

I am looking for possibility to filter Access Tracker logs by "Client IP" but can not find a filter available for the purpose on default filters, also not sure how to add a new filter. Any ideas?

------------------------------
SG
------------------------------

Would this work for you?



------------------------------
Danny Jump
"Passionate about CPPM"
------------------------------

Original Message:
Sent: Jan 06, 2021 01:54 AM
From: Sunil Gajjar
Subject: ClearPass monitoring access tracker to search Client IP

Hi Danny, 

Thanks for your reply and showing me process to create/use data filter, I appreaciate it!
 
I forgot to mention that I am using TACACS wherein I don't see adding any IP address option other than "Remote-Address" and Remote-Address is for the address of the user machine trying to connect to the NAD-Client device configured for TACACS authentication. 

Any other way to filter for "NAD-IP-Address" or "Client IP" for TACACS?


------------------------------
Sunil Gajjar

Original Message:
Sent: Jan 04, 2021 03:19 PM
From: Danny Jump
Subject: ClearPass monitoring access tracker to search Client IP

Here is one way that I've used before, not perfect but it works. The issue is you need to filter on the Accounting Framed-IP, this is not directly exposed in AT. So go to Data-Filter, create a new one like the below as an example...

The in AT, change the query to use your data-filter.....

Now you see only session for this address.....

HTH

------------------------------
Danny Jump
"Passionate about CPPM"

Original Message:
Sent: Jan 04, 2021 04:26 AM
From: Sunil Gajjar
Subject: ClearPass monitoring access tracker to search Client IP

I am looking for possibility to filter Access Tracker logs by "Client IP" but can not find a filter available for the purpose on default filters, also not sure how to add a new filter. Any ideas?

------------------------------
SG
------------------------------

Cool, it works...being a novice to ClearPass I never thought NAS IP address can work as NAD IP Address.

Thanks a bunch!

------------------------------
Sunil Gajjar
------------------------------

Original Message:
Sent: Jan 06, 2021 01:42 PM
From: Danny Jump
Subject: ClearPass monitoring access tracker to search Client IP

Would this work for you?

------------------------------
Danny Jump
"Passionate about CPPM"

Original Message:
Sent: Jan 06, 2021 01:54 AM
From: Sunil Gajjar
Subject: ClearPass monitoring access tracker to search Client IP

Hi Danny, 

Thanks for your reply and showing me process to create/use data filter, I appreaciate it!
 
I forgot to mention that I am using TACACS wherein I don't see adding any IP address option other than "Remote-Address" and Remote-Address is for the address of the user machine trying to connect to the NAD-Client device configured for TACACS authentication. 

Any other way to filter for "NAD-IP-Address" or "Client IP" for TACACS?


------------------------------
Sunil Gajjar

Original Message:
Sent: Jan 04, 2021 03:19 PM
From: Danny Jump
Subject: ClearPass monitoring access tracker to search Client IP

Here is one way that I've used before, not perfect but it works. The issue is you need to filter on the Accounting Framed-IP, this is not directly exposed in AT. So go to Data-Filter, create a new one like the below as an example...

The in AT, change the query to use your data-filter.....

Now you see only session for this address.....

HTH

------------------------------
Danny Jump
"Passionate about CPPM"

Original Message:
Sent: Jan 04, 2021 04:26 AM
From: Sunil Gajjar
Subject: ClearPass monitoring access tracker to search Client IP

I am looking for possibility to filter Access Tracker logs by "Client IP" but can not find a filter available for the purpose on default filters, also not sure how to add a new filter. Any ideas?

------------------------------
SG
------------------------------