Security

last person joined: 9 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Guest User to MAC/IP syslog entry

  • 1.  Guest User to MAC/IP syslog entry

    Posted Apr 13, 2018 02:24 PM

    So for audit reasons, we need syslog to have at the very least what guest is mapped to what MAC or IP (either will do, because we have dhcp logs to verify the MAC to IP mappings).  We do have syslog setup but I think the syslog filters aren't right, we don't see anything that would map the guest to a session or MAC/IP.

     

    We don't really need any more than this, is there a syslog entry that will just syslog when the user authenticates (like a radius audit)?  I realize it can be had on the servers themselves but we need to use syslog to both pass along audit info to other services and so we can source the traffic in the more distant past than the clearpass allows.

     

     



  • 2.  RE: Guest User to MAC/IP syslog entry

    Posted Apr 13, 2018 03:31 PM


  • 3.  RE: Guest User to MAC/IP syslog entry

    Posted Apr 13, 2018 03:42 PM

    To be succint, here is how I get that information:

     

    show log all | include Successful


  • 4.  RE: Guest User to MAC/IP syslog entry

    Posted Apr 13, 2018 03:49 PM

    While that might work, that isn't using syslog. That means I have to get on the system and do something, I am talking just persuing syslog entries that are stored offline.



  • 5.  RE: Guest User to MAC/IP syslog entry

    Posted Apr 13, 2018 03:57 PM

    You could grep syslog for "Successful".  You would have to syslog the security and user logs with the level of "notifications" however.



  • 6.  RE: Guest User to MAC/IP syslog entry

    Posted Apr 13, 2018 04:17 PM

    Yes, I will try that.

    thanks.