Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

access tracker retention?

  • 1.  access tracker retention?

    Posted Jan 12, 2015 12:08 PM

    What setting decides how long Access Tracker data is available?

    I've set the "Cleanup interval for Session log details in the database" inside the Cluster-wide parameters to 0 (zero), but I still cannot access Access Tracker events from as little as a month back.

     

    What am I missing here?



  • 2.  RE: access tracker retention?

    Posted Jan 12, 2015 12:10 PM
    It's 7 days. If you need beyond 7, you should use an external logging
    solution like Splunk.


  • 3.  RE: access tracker retention?

    Posted Jan 12, 2015 12:12 PM

    Then what does that "Cleanup interval for Session log details in the database" do?

    The manual says the following:

     

    Specify the duration in number of days to keep the following data in the Policy Manager DB:
    - session logs (found on Access Tracker page)
    - event logs (found on Event Viewer page)
    - machine authentication cache
    The default value is 7 days.

     

    It accepts values from 0 to 15.



  • 4.  RE: access tracker retention?

    Posted Jan 12, 2015 12:14 PM
    You can use that, but the recommended is 7 days based on disk space
    requirements.


  • 5.  RE: access tracker retention?

    Posted Jan 12, 2015 12:17 PM

    OK fine, but I've set that value to zero thinking it would save stuff until either I reset it or the disk runs out.

    Apparently it's neither, so I'd like to know what setting it to zero actually does and, if it still doesn't reach a month, then what are the numbers behind it?

     

    Not talking about a highly loaded cppm here so I think a month isn't all that unobtainable in this case.



  • 6.  RE: access tracker retention?

    Posted Sep 26, 2016 08:34 AM

    Hi all,

     

    My apologies if it's the proper way to this message but I'm currently meeting issues to submit a new case in the community...

     

    To come back on this topic, is there another way to delete Access Tracker logs except from the retention feature? Something like a button or command "Clear Access Tracker logs dB"?

    If yes, would it also be possible for Accounting, Event Viewer, Audit Viewer, etc.?

     

    Thank you.

     

    Best regards,

     

    Simon

  • 7.  RE: access tracker retention?

    Posted Nov 22, 2017 12:07 PM

    Hi, 

    I have a requirement to have the Access Tracker information available for the last two weeks, and another customer is asking for 30 days. Is it impossible to have the Access Tracker information available for more than 7 days, even though the cleanup interval is set higher than 7 days? What is session log details?

    [Image: Still not able to see the drop down as past 9 days.]
    [Image: Clean up interval set as 9 days]



  • 8.  RE: access tracker retention?

    Posted Nov 22, 2017 12:17 PM
    You should send the data to your SIEM.


  • 9.  RE: access tracker retention?

    Posted Aug 16, 2018 07:08 PM

    Hi,

     

    Do you know if it is possible to do this with AccelOps like a SIEM?

    I need to see the logs for a month, so we need to configure a SIEM, but I only have AccelOps available.

     

    thanks



  • 10.  RE: access tracker retention?

    Posted Jul 30, 2019 05:10 PM

    @cappalli wrote:
    You should send the data to your SIEM.


    I get it, SIEM is the recommended way to go, but let's just say I do not want to send the logs elsewhere. What is the process to increase History Retention on the EXISTING CPPM server?