Write the query, see what impact that has on overall load in production. Syslog export is batched so you'll only see that impact at whatever interval you have set.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Dec 17, 2024 09:55 AM
From: cauliflower
Subject: Syslog filter including Aruba RADIUS attributes
We would like to include some extra info in our syslog exports from ClearPass - some of the info that appears as Aruba RADIUS attributes (e.g. AP group) would be great (though it might be that we can build some mapping in Elastic if we can't). Is this possible? I see custom SQL queries can be used but I'm wary of building queries that are going to add significant load. It would be useful to know what can be done.
ClearPass 6.12.3
Pub and SPub
4 x subscribers