Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

SOC Syslog Priority

  • 1.  SOC Syslog Priority

    Posted May 29, 2020 11:14 AM

    We have recently signed with a monitored SOC and purchased X amount of Nodes. We have 1 Node left available and would like to include something from our wireless environment. There has been quite a bit of internal discussion with pros and cons. We originally chose the MM Team, but the 3rd party software doesn't like the syslog coming from the Team IP.

     

    Looking for opinions from the Airheads community on which device would provide best bang in this situation. We have the following devices and can only pick one.

     

    Mobility Controllers (2)

    Mobility Masters (2)

    ClearPass

    Airwave

     

     



  • 2.  RE: SOC Syslog Priority
    Best Answer

    EMPLOYEE
    Posted May 30, 2020 02:41 AM

    IMO....

    > there's no point collecting from one MC and not the other

     

    > the MM doesn't really reveal any operationally interesting data in its logs

     

    > Airwave is not a syslog relay and doesn't really generate operationally syslog itself. You could consider using the Alerts (after a lot of fine tuning), but that will generate traps, not syslog

     

    > ClearPass... if you have a generally authenticated user base, this is probably the best choice if you can choose 1 only

     

    If you meant that you could choose "the two MCs" as "1", then there could be further pros and cons between MC or ClearPass depending on what is important (but I don't think that's what was meant?)