Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

syslog export filters

  • 1.  syslog export filters

    Posted Aug 28, 2018 11:46 PM

    Hi All

     

    I am trying to build some dashboards in Splunk and am having trouble trying to work out syslog export filters.

    In our ClearPass logs we see the following towards the end of the log file:

     

    [Th 7211 Req 27998756 SessId R001ff748-02-5b85f2a4] INFO RadiusServer.Radius - Request processing time = 435 ms

     

    I want to be able to use the request processing time in Splunk and build a dashboard and some alerting around it where we can see trends and alerting if it's too high.

    So far I have not been able to determine what field the request processing time is stored in or what fields I need to examine to be able to determine the value.

    I assume that, as you can see the data under System Monitor -> ClearPass and in the Insight section, it must be stored somewhere; just hoping that someone knows where.

     

    Any assistance is appreciated.

    Thanks


  • 2.  RE: syslog export filters

    EMPLOYEE
    Posted Aug 28, 2018 11:48 PM
    Did you try the pre-built Splunk App for ClearPass?


  • 3.  RE: syslog export filters

    Posted Aug 29, 2018 12:19 AM

    Hi Tim

     

    Yeah, we are using the Splunk app and the pre-built syslog export filters, but it does not look like that info is there unless I need to work out the time difference between two fields.