Trigger Email alert for Authentication Failure from Insight
- Insight should be enabled
- SMTP Gateway should be configured
- CPPM requires outbound access to the SMTP gateway on the port used for the configured connection security (None, SSL or StartTLS).
ClearPass Insight can create alerts that trigger an email or SMS, based on the filters available in the module.
1. Log in to the Publisher (Policy Manager) and navigate to Administration -> Server Manager -> Server Configuration
2. Select the Publisher or Subscriber node where Insight and Insight Master need to be enabled.
3. Select "Enable Insight" and "Enable as Insight Master"
4. Configure the email gateway in Policy Manager -> Administration -> External Servers -> Messaging Setup.
5. Navigate to Insight Master (Publisher/Subscriber) -> Alerts -> Create New Alert
Configure Alert Name, Category, Notify by Email, Filter and Trigger option.
Threshold: Number of authentications
Interval: Time interval
1. Policy Manager -> Monitoring -> Live Monitoring -> Access Tracker shows the number of failed authentications.
1. Navigate to Insight -> Alerts to check the recent alerts triggered from the Insight module.
2. Sample email alert.
3. The alert will also be logged in the server logs under \PolicyManagerLogs\insight\insight.log.
2019-02-27 05:52:57,306 INFO Alert [Authentication Failure] compute begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:52:57,306 INFO Alert [Authentication Failure] hitcount3) begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:53:00,177 INFO Alert [Authentication Failure] email done
2019-02-27 05:55:04,134 INFO [al_auth_status] [2019-02-27 05:40:04.126806+05:30] -> [2019-02-27 05:55:04+05:30] [134 ms
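As an added example (not part of the original article or of ClearPass itself), the following Python script reads insight.log lines in the format shown above and lists alerts that logged a hit count without a following "email done" line, which usually points to an SMTP delivery problem. It assumes every alert hit is logged as in the excerpt; the function names and the "Example Alert" sample line are constructed for illustration.

```python
import re
from datetime import datetime

# Matches the "Alert [<name>] <message>" lines shown in the insight.log excerpt.
ALERT_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} INFO Alert "
    r"\[(?P<name>[^\]]+)\] (?P<msg>.*)$"
)
# Tolerant of the separator between "hitcount" and its number.
HITCOUNT = re.compile(r"hitcount\D*(\d+)")


def summarize_alerts(lines):
    """Return one record per alert hit: name, time, hit count, email status."""
    records, pending = [], {}  # pending: alert name -> hit awaiting "email done"
    for line in lines:
        m = ALERT_LINE.match(line.strip())
        if not m:
            continue  # other insight.log entries, e.g. [al_auth_status]
        name, msg = m["name"], m["msg"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hit = HITCOUNT.search(msg)
        if hit:
            rec = {"alert": name, "time": ts,
                   "hits": int(hit.group(1)), "emailed": False}
            records.append(rec)
            pending[name] = rec
        elif msg.startswith("email done") and name in pending:
            pending.pop(name)["emailed"] = True
    return records


def missing_email(records):
    """Alert hits with no following 'email done' line (assumed delivery gap)."""
    return [r for r in records if not r["emailed"]]


# Constructed sample: the first three lines are the ones quoted above; the
# last line is made up (hypothetical alert name) to show a hit with no email.
SAMPLE = [
    "2019-02-27 05:52:57,306 INFO Alert [Authentication Failure] compute begin_dt2019-02-27 05:45:00+05:30",
    "2019-02-27 05:52:57,306 INFO Alert [Authentication Failure] hitcount3) begin_dt2019-02-27 05:45:00+05:30",
    "2019-02-27 05:53:00,177 INFO Alert [Authentication Failure] email done",
    "2019-02-27 06:07:57,306 INFO Alert [Example Alert] hitcount5) begin_dt2019-02-27 06:00:00+05:30",
]

if __name__ == "__main__":
    for r in missing_email(summarize_alerts(SAMPLE)):
        print(f"{r['time']} alert '{r['alert']}' hit {r['hits']} times, no email logged")
```

Run it against a collected insight.log by passing the file's lines to `summarize_alerts` instead of `SAMPLE`.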