I don't see TACACS rejects either in syslog (but do see accepts). Can you open a TAC Support case for that?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 02, 2024 06:29 AM
From: boneyard
Subject: ClearPass no TACACS REJECTs in syslog?
I noticed that I'm not getting any REJECTs from a TACACS service in syslog.
In the access tracker the REJECTs show up, but not on the syslog server. I did a packet capture to be sure the really aren't in the traffic and didn't see them there either. So it isn't a syslog server issue.
The ACCEPTs show up fine on the syslog server side.
These are syslog filter settings.
Export Template: Session Logs
Include Audit Entity Details:
Export Event Format Type: Standard
Local Facility Level: Local Use 1 (local1)
Data Filter:
[TACACS Requests]
Columns Selection:
Common.Username
Common.Service
TACACS.Remote-Address
TACACS.Privilege-Level
Common.Request-Timestamp
Common.NAS-IP-Address
Common.NAS-Name
Common.Login-Status
Common.Enforcement-Profiles
Common.Roles
Common.Alerts
Common.Error-Code
Anyone seen this before or have an idea what is going on?