Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Document detailing CPPM syslog Data/Format

  • 1.  Document detailing CPPM syslog Data/Format

    MVP EXPERT
    Posted Feb 19, 2024 11:10 AM

    Hi,

    CPPM 6.11.7 - currently sending syslog data to a Splunk setup. Problem is they don't want all of it (trimmed down to auth and accounting) and also want some details regarding what's in the syslog data. Just to save me time writing something, is there a CPPM doc that covers all this?

    A



  • 2.  RE: Document detailing CPPM syslog Data/Format

    Posted Feb 20, 2024 04:21 AM

    I'm not sure if I ever saw something like that; however, if you configure RFC 5424 or CEF, there are field names in the logs that pretty much describe what is in the log file.

    Also, you configure yourself what fields are in the syslog message, so there is not really a standard log. Your SIEM vendor probably has guidance on what data needs to be in the log messages to fully support your use case.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
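To show why CEF output is self-describing, here is a small CEF parser, added as an example for this thread and not code from ClearPass or from either poster. It runs over constructed sample lines; the vendor, product, category names and extension keys in them are placeholders, not ClearPass's actual export fields, and the final function does the "auth and accounting only" trimming on those placeholder categories.

```python
import re
# Constructed sample lines in CEF format (illustrative placeholders, not real ClearPass
# output: ClearPass sends whatever fields its syslog export filter is configured with).
SAMPLE_LINES = [
    r"CEF:0|ExampleVendor|ExampleNAC|6.11.7|1001|Session Logs|3|rt=Feb 19 2024 11:10:00 suser=alice dhost=ap-01 outcome=ACCEPT msg=auth ok, VLAN\=20",
    r"CEF:0|ExampleVendor|ExampleNAC|6.11.7|1002|Accounting|2|suser=bob src=10.1.2.3 in=1234 out=5678",
    r"CEF:0|ExampleVendor|ExampleNAC|6.11.7|1003|System\|Audit|1|msg=Config change by admin\|audit",
]
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
_KEY_RE = re.compile(r"(?:^|\s)(\w+)=")  # extension key: word chars directly before '='

def split_header(line):
    """Return the 7 pipe-separated header fields plus the rest of the line (the extension).
    A backslash escapes the next character, so an escaped pipe inside a field is kept."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        raise ValueError("malformed CEF header: %r" % line)
    return fields, line[i:]

def _unescape(value):  # '\=', '\\' and '\|' stand for themselves; '\n', '\r' are line breaks
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_extension(ext):
    """Parse 'key=value key2=value with spaces' into a dict; a value runs up to the next key."""
    keys, out = list(_KEY_RE.finditer(ext)), {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end]).strip()
    return out

def parse_cef(line):
    """One CEF line -> dict in which every value is labelled by its field name."""
    fields, ext = split_header(line)
    rec = dict(zip(HEADER_FIELDS, fields))
    rec["version"] = rec["version"][len("CEF:"):]
    rec["extension"] = parse_extension(ext)
    return rec

def keep_auth_and_accounting(lines, wanted=("Session Logs", "Accounting")):
    """Keep only the event categories the Splunk team asked for (category names are placeholders)."""
    return [rec for rec in map(parse_cef, lines) if rec["name"] in wanted]
```

The dict that parse_cef returns is the kind of field-by-field listing the Splunk team is asking for, so dumping it for one line of each configured category documents the export without writing anything by hand.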



  • 3.  RE: Document detailing CPPM syslog Data/Format

    MVP EXPERT
    Posted Feb 20, 2024 05:03 AM
    Hi,

    Sort of what I expected. Just looking to save myself some time documenting stuff. We're sending data to a Splunk team who want to know what they're looking at in the syslog data ... yes, we're using CEF.

    OK, I'll put something together.
    Thx
    A