Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Syslog Export

  • 1.  ClearPass Syslog Export

    Posted Jul 29, 2020 06:04 AM

    Hi,


    Quick question.  I have followed this guide to configure the export of ClearPass events to an external syslog server: https://www.arubanetworks.com/techdocs/ClearPass/6.7/PolicyManager/index.htm#CPPM_UserGuide/Admin/syslogExportFilters.html%3FTocPath%3DAdministration%7C%2520External%2520Servers%7CSyslog%2520Export%2520Filters%7C_____0


    However no logs are being sent. 


    Do I need to configure and enable the logging under Server Manager > Log Configuration, and then tick the boxes to enable syslog and enter my syslog server details here also, or is this for non-filtered logging?

     

    Thanks



  • 2.  RE: ClearPass Syslog Export

    EMPLOYEE
    Posted Jul 29, 2020 12:28 PM

    Hi Scottm.

     

    It's not necessary; configuring the Syslog Target and the correct filter should work.

     

    By configuring Log Configuration > Syslog server, you can specify the default log level for each service and its associated modules based on debugging requirements.

     

    Please make sure UDP or TCP (as configured in the syslog target) port 514 is open between ClearPass and the syslog server.

     

    Or else work with TAC for faster resolution.

     

     

     



  • 3.  RE: ClearPass Syslog Export

    Posted Jul 30, 2020 03:27 AM

    I got it working after changing the export syslog filter methods from Standard to CEF.

     

    Thanks
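
A receiver-side check related to the Standard-to-CEF change described in the last post, added here as an example and not part of the thread or of any Aruba tooling: it decodes the syslog PRI value and reports whether a received line carries a CEF payload, parsing the CEF header if so. The sample lines, host name, vendor and product strings are constructed placeholders, not real ClearPass output.

```python
import re

# The seven pipe-delimited CEF header fields; anything after them is the extension.
CEF_FIELDS = ("version", "device_vendor", "device_product", "device_version",
              "signature_id", "name", "severity")
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines (placeholder host, vendor and product), not ClearPass output.
SAMPLES = [
    r"<134>Jul 30 03:27:00 nac-host CEF:0|ExampleVendor|ExampleNAC|0.0|1001|Auth \| Failed|5|src=192.0.2.10 duser=alice",
    "<134>Jul 30 03:27:00 nac-host session: user=alice result=REJECT",
]


def parse_cef(line):
    """Return the CEF header and extension as a dict, or None if the line is not CEF."""
    start = line.find("CEF:")
    if start == -1:
        return None
    body, parts, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(parts) < len(CEF_FIELDS):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])  # \| and \\ are escapes inside a header field
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) < len(CEF_FIELDS):
        parts.append("".join(cur))  # header with no extension part
    if len(parts) != len(CEF_FIELDS) or not parts[0].isdigit():
        return None
    return dict(zip(CEF_FIELDS, parts), extension=body[i:])


def classify(line):
    """Decode the syslog PRI value and report whether the payload is CEF."""
    pri = PRI_RE.match(line)
    value = int(pri.group(1)) if pri else None
    header = parse_cef(line)
    return {"facility": None if value is None else value >> 3,
            "severity": None if value is None else value & 7,
            "format": "cef" if header else "non-cef", "cef": header}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

Feeding it lines captured on the syslog server shows both that traffic is arriving on the configured port and which export format the sender is actually using.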