Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

logging in clearpass

This thread has been viewed 13 times

  • 1.  logging in clearpass

    Posted Mar 27, 2014 11:18 AM

    Hi,

     

    spent quite a time debugging why some people authenticating to our Clearpass (or those sponsoring the authentication) did not get any email notification.  Turned out to be our Exchange environment which was not permitting relaying mail for specific domains.

     

    Such things are quickly visible in a linux environment by verifying the /var/log/maillog or syslog (where we should see relaying denied).  However i did not find any means of shell access.

     

    Is there a way to get shell access?  Any way to configure a loghost? 



  • 2.  RE: logging in clearpass
    Best Answer

    EMPLOYEE
    Posted Mar 27, 2014 11:21 AM

    Shell access is only available with TAC assistance (one time password).

     

    You can configure syslog reporting under Administration > External Servers > Syslog Targets

     

    Configure your logging levels under Administration > Server Manager > Log Configuration



  • 3.  RE: logging in clearpass

    Posted May 06, 2015 02:13 PM

    Tim - I had the same question.  So thanks.  But now I have a followup question for you.  

     

    Under "Server Mangaer" > "Log Configucation"... I see two tabs were I can set teh "syslog levels"  Do you know what's the difference from one to the other?  More importantly which of these two applies to the "Syslog Targets"?   

     

    I presume the options under "Log Config.." > "System Level"... Applies only to syslogs that get generated by the ClearPass server specific... NOT necessarily what is sent to the "Syslog Targets" is that right?  



  • 4.  RE: logging in clearpass

    EMPLOYEE
    Posted May 06, 2015 04:01 PM

    Syslog targets are tied to Syslog Export Filters.

     

    If you wanted these system events, you would create an export filter with the "System Events" template and then add the syslog server target to the filter.



  • 5.  RE: logging in clearpass

    Posted May 06, 2015 04:38 PM

    Yes that's the obvious part.  But what I was trying to figure out is the "logging level".  I wasn't sure if the logging level that is defined under "Server Manager"  > "Log Configuration" also applies to the "Syslog Targets".   It looks like both are related.  

     

    If configure a "Syslog Target" but I leave my "server manager > log config" unconfigured... Then nothing gets sent to the "syslog target".

     

    I then configure both and I leave the "system levels" at default (WARN) then my syslog target does get any session logs that match my export filter. Regardless of what system levels I configure under server manager. Which is what I had expected.

     

    It just takes a little more time for the export filter stuff to get sent out versus the normal syslog stuff. 

     

    Sorry for the confusion.  I am still getting used to the nuaces...