Security

Hi,

My Clearpass 6.10 server is syslogging to my syslog server, and the time/date looks like YYYY-MM-DD HH-MM-SS

I'd like to change that to:  MM-DD-YYYY HH-MM-SS

Does anyone know how to do this?

Don't think you can change that. Most syslog servers have the option to add their own timestamp for when the message was received and you may be able to modify that.

The YYYY-MM-DD HH:MM:SS is a common format which has the benefit that it's easy to parse and you can easily sort with an alphanumeric sort.

Hi,

My Clearpass 6.10 server is syslogging to my syslog server, and the time/date looks like YYYY-MM-DD HH-MM-SS

I'd like to change that to:  MM-DD-YYYY HH-MM-SS

Does anyone know how to do this?

Thanks for the reply!  Can I ask another question related to logging?

My Clearpass server is syslogging to my syslog server.  But it appears to be logging only for my BYOD and Guest services.  I also have another service for my 802.1x EAP-TLS clients and it doesn't appear in the syslogs.  Here's an example of the logs my syslog server is receiving.  No entries for The TLS service.

2024-02-07 16:01:23    Local1.Debug    10.1.10.9    16:01:18,509 10.1.10.9 BarracudaLogs 4615 1 0 Common.Username=appXXX,Common.Service=BYOD 802.1X Wireless Access Service,Common.Roles=All US Faculty, SSS_Admin, SSS_US_Faculty, Share.OES_Registrar, Wireless.Employee, [User Authenticated],Common.Host-MAC-Address=221608XXXXX,RADIUS.Acct-Framed-IP-Address=172.2XXXX,Common.NAS-IP-Address=10.XX,Common.Request-Timestamp=2024-02-07 15:59:38-08

2024-02-07 16:01:23    Local1.Debug    10.1.10.9    16:01:18,509 10.1.10.9 BarracudaLogs 4618 1 0 Common.Username=leXXXX@oes.edu,Common.Service=Guest_ MAC Authentication,Common.Roles=[BYOD], [MAC Caching], [User Authenticated],Common.Host-MAC-Address=568XXXX13f51,RADIUS.Acct-Framed-IP-Address=172.22.3.43,Common.NAS-IP-Address=10.3.0.16,Common.Request-Timestamp=2024-02-07 16:01:00-08

2024-02-06 16:19:03    Local1.Debug    10.1.10.9    16:18:59,188 10.1.10.9 BarracudaLogs 2748 1 0 Common.Username=xoXXX,Common.Service=Guest_ User Authentication with MAC Caching,Common.Roles=[Guest], [User Authenticated],Common.Host-MAC-Address=5c5fX7cabXXX,RADIUS.Acct-Framed-IP-Address=172.23.0.72,Common.NAS-IP-Address=10.3.0.16,Common.Request-Timestamp=2024-02-06 16:17:11-08

Don't think you can change that. Most syslog servers have the option to add their own timestamp for when the message was received and you may be able to modify that.

The YYYY-MM-DD HH:MM:SS is a common format which has the benefit that it's easy to parse and you can easily sort with an alphanumeric sort.

Hi,

My Clearpass 6.10 server is syslogging to my syslog server, and the time/date looks like YYYY-MM-DD HH-MM-SS

I'd like to change that to:  MM-DD-YYYY HH-MM-SS

Does anyone know how to do this?

As these logs include Acct (Accounting) data, they probably originate from the Insight reporting database. Do your EAP-TLS sessions show up in Insight? Proper set up accounting for the SSID may be needed for that.

Thanks for the reply!  Can I ask another question related to logging?

My Clearpass server is syslogging to my syslog server.  But it appears to be logging only for my BYOD and Guest services.  I also have another service for my 802.1x EAP-TLS clients and it doesn't appear in the syslogs.  Here's an example of the logs my syslog server is receiving.  No entries for The TLS service.

2024-02-07 16:01:23    Local1.Debug    10.1.10.9    16:01:18,509 10.1.10.9 BarracudaLogs 4615 1 0 Common.Username=appXXX,Common.Service=BYOD 802.1X Wireless Access Service,Common.Roles=All US Faculty, SSS_Admin, SSS_US_Faculty, Share.OES_Registrar, Wireless.Employee, [User Authenticated],Common.Host-MAC-Address=221608XXXXX,RADIUS.Acct-Framed-IP-Address=172.2XXXX,Common.NAS-IP-Address=10.XX,Common.Request-Timestamp=2024-02-07 15:59:38-08

2024-02-07 16:01:23    Local1.Debug    10.1.10.9    16:01:18,509 10.1.10.9 BarracudaLogs 4618 1 0 Common.Username=leXXXX@oes.edu,Common.Service=Guest_ MAC Authentication,Common.Roles=[BYOD], [MAC Caching], [User Authenticated],Common.Host-MAC-Address=568XXXX13f51,RADIUS.Acct-Framed-IP-Address=172.22.3.43,Common.NAS-IP-Address=10.3.0.16,Common.Request-Timestamp=2024-02-07 16:01:00-08

2024-02-06 16:19:03    Local1.Debug    10.1.10.9    16:18:59,188 10.1.10.9 BarracudaLogs 2748 1 0 Common.Username=xoXXX,Common.Service=Guest_ User Authentication with MAC Caching,Common.Roles=[Guest], [User Authenticated],Common.Host-MAC-Address=5c5fX7cabXXX,RADIUS.Acct-Framed-IP-Address=172.23.0.72,Common.NAS-IP-Address=10.3.0.16,Common.Request-Timestamp=2024-02-06 16:17:11-08

Don't think you can change that. Most syslog servers have the option to add their own timestamp for when the message was received and you may be able to modify that.

The YYYY-MM-DD HH:MM:SS is a common format which has the benefit that it's easy to parse and you can easily sort with an alphanumeric sort.

Hi,

My Clearpass 6.10 server is syslogging to my syslog server, and the time/date looks like YYYY-MM-DD HH-MM-SS

I'd like to change that to:  MM-DD-YYYY HH-MM-SS

Does anyone know how to do this?