ClearPass can send various kinds of Authentication, Authorization and Accounting events as RFC 5424-compliant Syslog messages to any Syslog receiver when endpoints authenticate to the network. Splunk is a log management/SIEM solution that can receive Syslog messages from multiple sources. These messages are stored within Splunk and can then be correlated, searched, analyzed and displayed using its graphical user interface.
The ClearPass for SPLUNK application provides administrators with a rich set of dashboards to visualize and navigate the wealth of information captured by ClearPass. Whether it's for capacity planning, authentication troubleshooting, security event correlation or detailed forensics, this application can be easily navigated by users of all levels to gain valuable insight into ClearPass and the broader network environment.
Tips & Tricks
This is a native ClearPass integration. Refer to API documentation above for more information.
ClearPass for SPLUNK download page: http://apps.splunk.com/app/1895
Supporting XML file for configuring ClearPass Syslog filters: