Contributor I

ClearPass Ingress Event Engine Testing


I'm trying to create a new simple Ingress Events Dictionary without success. I attached my example. I'd like to map the IP and userID coming from syslog, but the event generated is blank.


Guru Elite

Re: ClearPass Ingress Event Engine Testing

Did you build a dictionary and map it to the event source?

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Contributor I

Re: ClearPass Ingress Event Engine Testing

Yes I did.

I started with a configuration that worked (PAN FW sends a threat log and CPPM uses CoA to change authorization). What I did was:

- Modified the dictionary in order to match a new syslog event;

- Associated the new dictionary just created in Configuration--Network-Event Sources;

- Generated a new syslog event and tested.


For troubleshooting I checked the format of the syslog event in the .pcap and igesyslog.log. It seems OK.

I checked my matching rule in the dictionary with It seems OK.

What I've not been able to do is troubleshoot the parsing of syslog.
