  • 1.  Send Clearpass access tracker info to syslog

    Posted Apr 11, 2025 10:11 AM

    Hi there.  Our security people have asked that I send info to our security syslog server so they can track switch logins.  Our switches have TACACS set up on them so when we SSH to the switch it shows up in the live access tracker.  The problem is how to get that info to the syslog server!

    I've set up the server but when it comes to setting up the export filter I have no clue what option to use.  Searching for information on the settings brings back a million adverts for PRTG and some for Aruba Solution Exchange which is deceased!  I've tried selecting TACACS Request and TACACS logging in the filter options but it seems to send logs for absolutely everything except the TACACS login tracking.  I tried whittling down the options but I either get nothing or absolutely tons of info except what I want.  Can anyone help?  I just want the access tracking info shown in Clearpass to be sent to the syslog server.



  • 2.  RE: Send Clearpass access tracker info to syslog

    Posted Apr 11, 2025 08:42 PM

    Perhaps you can configure "logging x.x.x.x" on your switches that will then send the events/logs to your SYSLOG server directly.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Send Clearpass access tracker info to syslog

    Posted Apr 14, 2025 04:14 AM

    The syslog service is part of a third-party security service and access is controlled by IP.  I don't want to have to set up 200 new entries to send everything they have when all I want to send is the notifications our Clearpass server collects when someone logs on a switch.




  • 4.  RE: Send Clearpass access tracker info to syslog

    Posted Apr 21, 2025 10:33 AM

    I'm NO expert, but I believe that you can modify your "Syslog Export Filters" (Admin -> External Servers -> Syslog Export Filters) to send essentially whatever you want to the Syslog receiver.



    ------------------------------
    John MacDonald
    ----
    Just another geek trying to figure things out.
    ------------------------------



  • 5.  RE: Send Clearpass access tracker info to syslog

    Posted Apr 21, 2025 11:06 AM

    The issue is that I don't know what to filter.  Currently it's sending masses of information and I just want the login results.  Browsing through the ton of filters is not enlightening me as to which one it is I need to limit it to.  That's the info I need.  Which one sends the login result so our security app can record who logged into the switch?




  • 6.  RE: Send Clearpass access tracker info to syslog

    Posted Apr 21, 2025 11:46 AM

    Who logged into the Switch means you would need TACACS Logs to be sent to syslog.

    There is a thread related to this in the Airheads community: "Clear Pass Syslog - TACACS Auth Login Failures".

    Those filters will give you the requested values.



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP
    Just an Aruba enthusiast and contributor by cases
    If you find my comment helpful, KUDOS are appreciated.
    ------------------------------