Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass change syslog time/date format?

This thread has been viewed 11 times
  • 1.  Clearpass change syslog time/date format?

    Posted Jan 30, 2024 11:43 AM

    Hi,

    My Clearpass 6.10 server is syslogging to my syslog server, and the time/date looks like YYYY-MM-DD HH-MM-SS

    I'd like to change that to:  MM-DD-YYYY HH-MM-SS

    Does anyone know how to do this?



  • 2.  RE: Clearpass change syslog time/date format?

    EMPLOYEE
    Posted Feb 12, 2024 11:59 AM

    Don't think you can change that. Most syslog servers have the option to add their own timestamp for when the message was received and you may be able to modify that.

    The YYYY-MM-DD HH:MM:SS is a common format which has the benefit that it's easy to parse and you can easily sort with an alphanumeric sort.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass change syslog time/date format?

    Posted Feb 12, 2024 02:05 PM

    Thanks for the reply!  Can I ask another question related to logging?

    My Clearpass server is syslogging to my syslog server.  But it appears to be logging only for my BYOD and Guest services.  I also have another service for my 802.1x EAP-TLS clients and it doesn't appear in the syslogs.  Here's an example of the logs my syslog server is receiving.  No entries for The TLS service.

    2024-02-07 16:01:23    Local1.Debug    10.1.10.9    16:01:18,509 10.1.10.9 BarracudaLogs 4615 1 0 Common.Username=appXXX,Common.Service=BYOD 802.1X Wireless Access Service,Common.Roles=All US Faculty, SSS_Admin, SSS_US_Faculty, Share.OES_Registrar, Wireless.Employee, [User Authenticated],Common.Host-MAC-Address=221608XXXXX,RADIUS.Acct-Framed-IP-Address=172.2XXXX,Common.NAS-IP-Address=10.XX,Common.Request-Timestamp=2024-02-07 15:59:38-08

    2024-02-07 16:01:23    Local1.Debug    10.1.10.9    16:01:18,509 10.1.10.9 BarracudaLogs 4618 1 0 Common.Username=leXXXX@oes.edu,Common.Service=Guest_ MAC Authentication,Common.Roles=[BYOD], [MAC Caching], [User Authenticated],Common.Host-MAC-Address=568XXXX13f51,RADIUS.Acct-Framed-IP-Address=172.22.3.43,Common.NAS-IP-Address=10.3.0.16,Common.Request-Timestamp=2024-02-07 16:01:00-08

    2024-02-06 16:19:03    Local1.Debug    10.1.10.9    16:18:59,188 10.1.10.9 BarracudaLogs 2748 1 0 Common.Username=xoXXX,Common.Service=Guest_ User Authentication with MAC Caching,Common.Roles=[Guest], [User Authenticated],Common.Host-MAC-Address=5c5fX7cabXXX,RADIUS.Acct-Framed-IP-Address=172.23.0.72,Common.NAS-IP-Address=10.3.0.16,Common.Request-Timestamp=2024-02-06 16:17:11-08




  • 4.  RE: Clearpass change syslog time/date format?

    EMPLOYEE
    Posted Feb 13, 2024 03:10 AM

    As these logs include Acct (Accounting) data, they probably originate from the Insight reporting database. Do your EAP-TLS sessions show up in Insight? Proper set up accounting for the SSID may be needed for that.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Clearpass change syslog time/date format?

    Posted Feb 13, 2024 11:07 AM

    Hey that was it.  The AAA profile was missing for that SSID in the Aruba wireless.  thanks.