I've created a new Ingress Events Dictionaries, in which I parse logs.
In Monitoring » Live Monitoring » Access Tracker I see assigned values
unfortunately, when enforcing policies, it does not honor mapped values
when I use pre-defined events that are mapped, everything works.
is it possible to edit predefined events or where I can create such type of events?
Also check the xml: in the Access Tracker you have attributes as "Event:Action" and in the Enforcemnt Profile you're checking "Event:Fortigate:action".
In the Ingress Event Dictionary you need to add the "Pattern-Name" with the value "Fortigate" and confirm that it's also in the attributes that you show in the Access Tracker.
I added the "Pattern-Name" attribute as "fortigate".Unfortunately, nothing has changed
can you share the xml?
Here you are
I think you missed a small piece of code in you xml. You can download an example of other IEE dictionary from ClearPass and look for a ruby code. You need to add it to your file and modify the line:
newFieldName = 'Event:Fortigate:'+ k
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.