Contributor I

ClearPass logging to Splunk missing most fields

We are sending our ClearPass logs to Splunk, but it appears that most of the fields that are available in the Access Tracker are not being sent via syslog.

Is there a way to have ClearPass send full verbose logs from the Access Tracker? Without most of these fields, the logs are not very helpful.

Frequent Contributor II

Re: ClearPass logging to Splunk missing most fields

Hello,

Yes, you could configure the syslog filters to check and uncheck the ones you want to send and not send accordingly.

The article below should give you an idea of how syslogs and filtering work on ClearPass:

Integrating ClearPass Policy Manager and Splunk - HPE Support Center

Hope this helps.

--

-If you got what you need with my answer please give kudos and mark it as solution.
Contributor I

Re: ClearPass logging to Splunk missing most fields

Thank you.  This is exactly what I was looking for.

Frequent Contributor II

Re: ClearPass logging to Splunk missing most fields

Happy to be able to help!!

--

-If you got what you need with my answer please give kudos and mark it as solution.
New Contributor

Re: ClearPass logging to Splunk missing most fields

This document is old and the Splunk app is not supported any longer.

Now that ArcSight is no longer an HPE product, can someone @ HPE please rewrite the Splunk app and get it Splunk Cloud approved?
