  • 1.  cleanup in the endpoint database

    Posted Oct 20, 2020 08:41 AM

    I have a cleanup job to delete unknown endpoints after some time, but now I want to clean up known endpoints. We are using ClearPass Guest, so all guests' endpoints are now known devices.

    I can see there's a cleanup job in server configuration, but how does it count days? Last seen or profiled? Because I have a lot of endpoints that I need to keep and they are online all the time.

     



  • 2.  RE: cleanup in the endpoint database

    Posted Oct 20, 2020 01:08 PM

    For guest accounts, the cleanup interval is tied to expiration time. 



  • 3.  RE: cleanup in the endpoint database

    Posted Oct 20, 2020 01:56 PM

    The Known endpoints cleanup interval field under Cluster Wide Parameters can be used to clean up the Guest endpoints marked as known. Currently, the number of days is calculated based on when the endpoint was added. To clean up profiled endpoints, you'd have to set the Profiled Known endpoints cleanup option to TRUE.



  • 4.  RE: cleanup in the endpoint database

    Posted Oct 21, 2020 02:55 AM

    I know I can do cleanup of the user in ClearPass Guest, but is the device they used being deleted as well? I don't think so.

    Then I can't use the known cleanup if it uses the added date; it will then delete all the MAC auth endpoints I'm using.

    I think I have to do a custom attribute with the time and date when it is authenticated and then do a cleanup with that attribute, either with the API or manually.



  • 5.  RE: cleanup in the endpoint database
    Best Answer

    Posted Oct 21, 2020 03:30 AM

    The key challenge with purging “Known” endpoints is that the built-in system mechanism deletes the endpoint based on the number of days since it was created (created_at); this can range from 1-180 days, or 0 to never delete (unlike the “Unknown”, which is based on the updated_at). Further, this affects all the endpoints, so it is very hard to implement a natural cleanup system. The good news is the endpoint database can grow very large and is reasonably efficient in space usage. The bad news is that to effectively clean up you really need to rely on a 3rd party RESTful API script. That said, I have known of guest environments with in excess of 5 million entries. However, random MAC addresses will make this worse. There is an open feature request to have the Known cleanup operate like the Unknown cleanup. In the meantime, to generate an Endpoint report, use the updated_at attribute time to see endpoints that have recently been used.
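
The difference between the two cleanup rules described in the answer above, as an added example that is not part of the original thread and is not ClearPass code. It runs offline over constructed records; the dict layout and MAC values are assumptions, and only the names `status`, `created_at` and `updated_at` come from the thread.

```python
from datetime import datetime, timedelta, timezone

# Fixed "today" so the result is reproducible (date of the answer above).
NOW = datetime(2020, 10, 21, tzinfo=timezone.utc)

def days_ago(n):
    return NOW - timedelta(days=n)

# Constructed sample records; the layout is an assumption, not a ClearPass export format.
ENDPOINTS = [
    # Always-online MAC auth device: created long ago, seen today.
    {"mac": "001a1e000001", "status": "Known", "created_at": days_ago(400), "updated_at": days_ago(0)},
    {"mac": "001a1e000002", "status": "Known", "created_at": days_ago(30), "updated_at": days_ago(1)},
    # Guest device that left months ago.
    {"mac": "3a5f7c000003", "status": "Known", "created_at": days_ago(200), "updated_at": days_ago(190)},
    # Guest device seen once, recently.
    {"mac": "d6117b000004", "status": "Known", "created_at": days_ago(20), "updated_at": days_ago(20)},
    {"mac": "001a1e000005", "status": "Unknown", "created_at": days_ago(300), "updated_at": days_ago(300)},
]

def purge_candidates(endpoints, max_age_days, timestamp_field, now=NOW):
    """MACs of Known endpoints whose chosen timestamp is older than max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(e["mac"] for e in endpoints
                  if e["status"] == "Known" and e[timestamp_field] < cutoff)

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set, as it is for randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def compare_rules(endpoints, max_age_days):
    """Contrast the created_at rule (Known cleanup) with an updated_at rule."""
    by_created = purge_candidates(endpoints, max_age_days, "created_at")
    by_updated = purge_candidates(endpoints, max_age_days, "updated_at")
    return {
        "by_created_at": by_created,
        "by_updated_at": by_updated,
        # Devices still in use that the created_at rule would delete anyway.
        "active_but_purged": sorted(set(by_created) - set(by_updated)),
        "stale_randomized": [m for m in by_updated if is_locally_administered(m)],
    }

if __name__ == "__main__":
    for rule, macs in compare_rules(ENDPOINTS, 180).items():
        print(f"{rule}: {macs}")
```
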



  • 6.  RE: cleanup in the endpoint database

    Posted Oct 22, 2020 01:43 AM

    Thx.

    I'll do a custom attribute and do a cleanup with that until the feature request is complete.