Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

SOC Syslog Priority

  • 1.  SOC Syslog Priority

    Posted May 29, 2020 11:14 AM

    We have recently signed with a monitored SOC and purchased X amount of Nodes. We have 1 Node left available and would like to include something from our wireless environment. There has been quite a bit of internal discussion with pros and cons. We originally chose the MM Team, but the 3rd party software doesn't like the syslog coming from the Team IP.

    Looking for opinions from the Airheads community on which device would provide best bang in this situation. We have the following devices and can only pick one.

    Mobility Controllers (2)
    Mobility Masters (2)
    ClearPass
    Airwave



  • 2.  RE: SOC Syslog Priority
    Best Answer

    Posted May 30, 2020 02:41 AM

    IMO....

    > there's no point collecting from one MC and not the other

     

    > the MM doesn't really reveal any operationally interesting data in its logs

     

    > Airwave is not a syslog relay and doesn't really generate operationally syslog itself. You could consider using the Alerts (after a lot of fine tuning), but that will generate traps, not syslog

     

    > Clearpass... if you have a generally authenticated user base, this is probably the best choice if you can choose 1 only

     

    If you meant that you could choose "the two MCs" as "1", then there could be further pros and cons between MC or Clearpass depending on what is important (but I don't think that's what was meant?)