Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass logging to Splunk missing most fields

  • 1.  ClearPass logging to Splunk missing most fields

    Posted May 06, 2019 01:09 PM

    We are sending our ClearPass logs to Splunk, but it appears that most of the fields that are available in the Access Tracker are not being sent via syslog.

     

    Is there a way to have ClearPass send full verbose logs from the Access Tracker?  Without most of these fields, the logs are not very helpful.



  • 2.  RE: ClearPass logging to Splunk missing most fields
    Best Answer

    EMPLOYEE
    Posted May 06, 2019 01:13 PM

    Hello,

     

    Yes, you could configure the syslog filters to check and uncheck the ones you want to send and not send accordingly.

     

    The article below should give you an idea of how syslogs and filtering work on ClearPass:

     

    Integrating ClearPass Policy Manager and Splunk - HPE Support Center

     

     

    Hope this helps.

     


     



  • 3.  RE: ClearPass logging to Splunk missing most fields

    Posted May 06, 2019 01:35 PM

    Thank you.  This is exactly what I was looking for.



  • 4.  RE: ClearPass logging to Splunk missing most fields

    EMPLOYEE
    Posted May 06, 2019 01:52 PM

    Happy to be able to help!!

     


     

     



  • 5.  RE: ClearPass logging to Splunk missing most fields

    Posted Aug 22, 2019 03:33 PM

    This document is old and the Splunk app is not supported any longer.

     

    Now that ArcSight is no longer an HPE product, can someone @ HPE please rewrite the Splunk app and get it Splunk Cloud approved?