So for audit reasons, we need syslog to have at the very least what guest is mapped to what MAC or IP (either will do, because we have dhcp logs to verify the MAC to IP mappings). We do have syslog setup but I think the syslog filters aren't right, we don't see anything that would map the guest to a session or MAC/IP.
We don't really need any more than this, is there a syslog entry that will just syslog when the user authenticates (like a radius audit)? I realize it can be had on the servers themselves but we need to use syslog to both pass along audit info to other services and so we can source the traffic in the more distant past than the clearpass allows.