Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Best way to export log from Clearpass?

This thread has been viewed 15 times

  • 1.  Best way to export log from Clearpass?

    Posted Mar 02, 2018 03:40 AM

    Problem: Clearpass provides great views in policy manager monitoring section (live and other viewers for auth etc..). But I would like to use process this data for popping out certain notifications in a self made destop app.

     

    I already found some-what solution in here http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Collecting-ClearPass-logs-from-Command-Line/ta-p/288471

     

    But what is the best way to aquire these logs (especially failed auths) for further processing?

     

    Best Regards



  • 2.  RE: Best way to export log from Clearpass?

    Posted Mar 06, 2018 11:51 AM

    Not sure about the notifications from an app bit...  We simply use e-mail for notifications based on log events; however, I'm sure you can figure out a way to get that done.  

     

    You can configure a Syslog Export Filter (CPPM > Administration > External Servers > Syslog Export Filters) to send batches (not in real-time, 2 min interval) of relavant log bits to a syslog server.  You can then use your favorite log watcher application to trigger an event based on your criteria. 

     

    Good luck,