05-06-2019 10:08 AM
We are sending our ClearPass logs to Splunk, but it appears that most of the fields that are available in the Access Tracker are not being sent via syslog.
Is there a way to have ClearPass send full verbose logs from the Access Tracker? Without most of these fields, the logs are not very helpful.
Solved! Go to Solution.
05-06-2019 10:12 AM
Yes, you could configure the syslog filters, to check and uncheck the once, you want to send and not send accordingly.
This article below should give you an idea of syslogs and filtering works on clearpass:
Integrating ClearPass Policy Manager and Splunk - HPE Support Center
hope this helps
Re: ClearPass logging to Splunk missing most fields
08-22-2019 12:32 PM
This document is old and the Splunk app is not supported any longer.
Now that Archsight is no longer an HPE product can someone @ HPE please rewite the Splunk app and get it Splunk cloud approved?