Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Intune alerts

This thread has been viewed 21 times

  • 1.  Clearpass Intune alerts

    Posted 4 days ago

    hi Airheads,

    anyone know of a way of getting an alert from Clearpass Intune service when it is not running ?

    we have a customer running Clearpass Azure with Intune extension running and the Intune extension periodically stops every couple of months.

    cheers

    Pete



  • 2.  RE: Clearpass Intune alerts

    EMPLOYEE
    Posted 4 days ago

    There is an application Log in ClearPass Guest

    As an automatic export you can use an SQL statement for customized Syslog message :
    You will be using a keyword to trigger syslog - in this example it is "store". This you have to customize to your demands.


    Original Message


  • 3.  RE: Clearpass Intune alerts

    Posted 4 days ago

    Hi

    It's also possible to read the logs from the API with /extansion/instance/{id}/log

    With the API you can also start/restart the service.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------

    Original Message


  • 4.  RE: Clearpass Intune alerts

    EMPLOYEE
    Posted 52 minutes ago

    If this happens regularly, please make sure that you have the restart-policy: always in your extension configuration:

    ....
        "userGroupUpdateSchedule": "*/30 * * * *",
        "bypassProxy": false,
        "enableStats": false,
        "restartPolicy": "always",
        "statsUsername": "",
        "statsPassword": "********"
    }

    And if the extension still stops, please open a TAC case. It can't hurt to monitor as well, but the extension should not stop.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 5.  RE: Clearpass Intune alerts

    Posted 29 minutes ago

    Thanks Herman,

    That's definitely not in the configuration I'll add that in.

     

    p.s. thanks to all replies , I haven't had a chance to get a remote session with customer !!

     


    KHIPU - The Cyber Security Company
    Peter Elms
    Network Engineer
    Tel: +44 (0) 345 272 0910
    Mob: +44 (0)7425 565490
    Email: peter.elms@khipu-networks.com 

    SOC IN A BOX - Cost Effective SOC Services for any customer profile
    		 Twitter  
    KHIPU Networks Ltd is an ISO 9001 (Quality Management), ISO 27001 (Security Management), ISO 14001 (Environmental Management) and ISO 45001 (Occupational Health & Safety) certified company. KHIPU Networks Ltd supports the National Apprenticeship Scheme and employs and develops apprentices within all sectors of the company.

    This message is confidential and may contain privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to them), you may not copy or deliver this message to anyone or take any action in reliance on it. If you have received this e-mail in error, please delete it and notify the sender as soon as possible. KHIPU Networks Ltd does not accept any liability for any harm that may be caused to the recipient's system or data by this message. Please carry out virus and other such checks as you consider appropriate. KHIPU emails are secured via SPF, DKIM and DMARC to reduce the risk of forgery.

    KHIPU Networks Limited, Registered Office: 3 Waterfront Business Park, Fleet, Hampshire GU51 3TW
    Registered in England. Company Number 5218573
    KHIPU Networks South Africa Limited, Registered Office:13 Waterford Mews, Century City, Cape Town, South Africa. Company number 2012/180716/07
    GDPR - Our privacy policy can be found here 




    Original Message