  • 1.  How to analyze CPPM logs

    Posted Jun 27, 2023 07:01 PM

    Can anyone please advise how to analyze the ClearPass logs? What tool can read the ClearPass logs, etc.? Or where can I look in the logs I just downloaded from the CPPM to see who changed stuff in ClearPass that caused ClearPass to go down? Any assistance will be appreciated. Thank you.



  • 2.  RE: How to analyze CPPM logs

    Posted Jun 28, 2023 08:53 AM

    Event Viewer or Audit Logs.  You can also send the ClearPass logs to any syslog receiver or SIEM.




  • 3.  RE: How to analyze CPPM logs

    Posted Jun 28, 2023 09:50 AM

    These are the system logs I exported from ClearPass; I want to see who made changes and who is doing what in the appliance.




  • 4.  RE: How to analyze CPPM logs

    Posted Jun 28, 2023 09:54 AM
    The Audit Viewer is what you are looking for.




  • 5.  RE: How to analyze CPPM logs

    Posted Jun 28, 2023 10:20 AM

    If you want to export those logs to your SIEM via syslog, you need to have a Syslog Export Filter (Administration - External Servers - Syslog Export Filters) set using the Export Template "Audit Records". Here is an output from that:

    Jun 27 15:03:12 2023-06-27 15: 03:12,373 X.X.X.X CPPM_Audit_Record 956 1 0 Timestamp=Jun 27 2023 15:03:01.965 EDT,EntityName=<Service Name> Wireless,Category=Radius Enforcement Service,Action=MODIFY,User=waltr
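
An added example, not part of the thread and not Aruba's code: once "Audit Records" arrive at a syslog receiver, a short parser over lines shaped like the one quoted in post 5 answers "who changed what". It assumes every record body is comma-separated Key=Value pairs as in that line; only the first sample line comes from the thread, the other two are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: line 1 is the record quoted in the thread; line 2 (an
# entity name containing a comma) and line 3 (non-audit noise) are made up.
SAMPLE = """\
Jun 27 15:03:12 2023-06-27 15: 03:12,373 X.X.X.X CPPM_Audit_Record 956 1 0 Timestamp=Jun 27 2023 15:03:01.965 EDT,EntityName=<Service Name> Wireless,Category=Radius Enforcement Service,Action=MODIFY,User=waltr
Jun 27 15:05:40 2023-06-27 15:05:40,101 X.X.X.X CPPM_Audit_Record 957 1 0 Timestamp=Jun 27 2023 15:05:31.002 EDT,EntityName=Guest, Lobby Policy,Category=Enforcement Policy,Action=MODIFY,User=admin2
Jun 27 15:06:00 X.X.X.X other-daemon: unrelated message
"""

# Everything after the "CPPM_Audit_Record <n> <n> <n>" header is the record body.
RECORD = re.compile(r"CPPM_Audit_Record(?:\s+\d+)*\s+(?P<body>\w+=.*)$")
# Split only on commas that start a new Key= pair, so commas inside values survive.
FIELD_SEP = re.compile(r",(?=\w+=)")


def parse_audit_line(line):
    """Return the Key=Value fields of one audit record, or None for other lines."""
    match = RECORD.search(line.strip())
    if match is None:
        return None
    fields = {}
    for part in FIELD_SEP.split(match.group("body")):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def changes_by_user(lines, action=None):
    """Group audit records by User; optionally keep only one Action value."""
    report = defaultdict(list)
    for line in lines:
        rec = parse_audit_line(line)
        if rec is None or (action and rec.get("Action") != action):
            continue
        report[rec.get("User", "<unknown>")].append(
            (rec.get("Timestamp"), rec.get("Action"),
             rec.get("Category"), rec.get("EntityName")))
    return dict(report)


if __name__ == "__main__":
    for user, changes in changes_by_user(SAMPLE.splitlines()).items():
        for ts, act, cat, entity in changes:
            print(f"{user}: {act} {cat} / {entity} at {ts}")
```
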