Collecting ClearPass logs from Command Line.
Is it possible to collect the server logs from the command line if the GUI is not accessible?
Yes, we can collect the logs from the ClearPass command line using the following command:
dump logs -f <output-file-name> [-s yyyy-mm-dd] [-e yyyy-mm-dd] [-n <days>] [-t <log-type>] [-h]
-f = the output file to generate with the logs collected
-s = the start date for the date range (default is today)
-e = the end date for the date range (default is today)
-n = use to define the date range as number of days from today
-t = the type of logs to collect (can be specified multiple times)
We can specify which logs to collect by passing the following keywords to -t.
Types of logs to collect:
SystemLogs -> Collects system logs
PerformanceMetricsLogs -> Collects performance metrics logs
AirGroupLogs -> Collects logs from AirGroup notification service
ClearPassGuestLogs -> Collects logs from ClearPass Guest application
ConfigBackup -> Collects configuration backup (without passwords)
DiagnosticDumps -> Collects diagnostic dumps from ClearPass services
PolicyManagerLogs -> Collects logs from all PolicyManager services
Similarly, we can collect packet captures from the CLI by specifying -t PacketCapture while collecting logs.
PacketCapture -> Capture packets for a fixed duration. Default is 60 seconds (set using -d 60).
-a = sets the source port
-A = sets the destination port
-b = sets the source IP
-B = sets the destination IP
-c = sets the number of packets to be captured
-C = sets the size limit of the log file
Using the dump command from the CLI, we can also export the ClearPass server certificate as well as the server trust chain.