Hi,
The Barracuda web security gateway has a feature where you can send syslogs from your AP to the device and it will parse user information. It can accept log files from both Aruba APs and Clearpass. Has anyone got this feature to work? I have a feeling it's an older feature and not a lot of people are using it. Barracuda says the log format needs to be the same as in their examples in order for the Barracuda to recognize the logs.
Here's an example from their web site on how the log should look:
08-18-2014 10:42:43 Local1.Debug 192.168.100.27 2014-08-18 10:42:42,650 192.168.100.27 For Cuda Grab 78 1 0 Common.Username=dnoble,Common.Service=Ancillae_802.1x_Wireless,Common.Roles=Ancillae_FAC_STAFF_STU, [User Authenticated],Common.Host-MAC-Address=e4ce8f1d29de,RADIUS.Acct-Framed-IP-Address=10.50.45.103,Common.NAS-IP-Address=192.168.100.27,Common.Request-Timestamp=2014
Here's an example of what my Clearpass is sending in syslogs:
2024-01-27 16:54:28 Local1.Debug 10.1.10.9 16:54:23,827 10.1.10.9 Log users to Barracuda 744 1 0 Common.Username=YiuT,Common.Service=BYOD 802.1X Wireless Access Service,Common.Roles=Wireless.US, [User Authenticated],Common.Host-MAC-Address=aaa78362e8b8,RADIUS.Acct-Framed-IP-Address=172.22.0.75,Common.NAS-IP-Address=10.3.0.15,Common.Request-Timestamp=2024-01-27 16:53:44-08
It's really, really similar. all of the comma delimited sections match. the only difference is time/date format. I'm wondering if there is a way I can adjust my time/date format to match what they have.