CPPM Syslog Export - skips events sometimes
09-01-2017 10:54 AM
I have configured RADIUS-success and RADIUS-failure syslogs export filters which appear to send the data I need.
A search of the forums answered the first question ("why the delay") but not the second:
Why do some events I can see clearly in the activity-monitor never get sent to syslog?
We have made a test with 10 or so of us connecting with good credentials and then with bad ones, and appear to lose one or two in 10.
Has anyone else seen this?
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Re: CPPM Syslog Export - skips events sometimes
09-04-2017 12:57 AM
Can you please verify if the syslog messages are already missing when ClearPass sends them out? Or if they get lost in transport or on the Syslog server, which may do some rate limiting.
To check that out, I would do a 'Collect Logs' from the Server Configuration part of ClearPass where everything is unticked, just do packet capture. Then while the capture is running, generate logs and compare the syslog packets sent out with Access Tracker and the received logs on your syslog server.
If the logs do not go out according to the packet capture, you should open a case with your Aruba partner or Aruba TAC.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).