Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

The username filed in the CPPM_Endpoint_Profile logs is always NULL

This thread has been viewed 0 times

  • 1.  The username filed in the CPPM_Endpoint_Profile logs is always NULL

    Posted Aug 31, 2015 01:39 PM

    I can see the username field is filled in within the ClearPass TIPS UI, but that value is not being sent in the EndPoint logs.

     

    Other questions

    • Why is it username and not user_name like it is in the other logs?
    • What scenarios result in the CPPM_Endpoint_Profile log line being written? It seems to be creates and updates, but what causes an update it all the data is the same every

     



  • 2.  RE: The username filed in the CPPM_Endpoint_Profile logs is always NULL
    Best Answer

    EMPLOYEE
    Posted Aug 31, 2015 01:42 PM
    The attribute name is "Username". It's a real attribute, not computed.

    The profile data is updated every time the device does a DHCP discover.


    Thanks,
    Tim


  • 3.  RE: The username filed in the CPPM_Endpoint_Profile logs is always NULL

    Posted Aug 31, 2015 01:51 PM

    OK, that that covers when it occurs. That is helpful, since it explains why the wireless devies are updating all the time and the wired one rarely do.

     

    So what needs to/can be done to get the username to actually populate in the logs sent out via syslog?



  • 4.  RE: The username filed in the CPPM_Endpoint_Profile logs is always NULL

    EMPLOYEE
    Posted Aug 31, 2015 01:53 PM
    You will only receive the username during authentication and accounting
    events.



    If you are trying to use that as a lookup, you would want to use the Splunk
    SQL lookup add-in using the ClearPass appexternal account.