Versions Compared

Old Version 1

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
typeflat

...

03:51:52,778 10.101.3.40 CPPM_Alert 2378010 1 0 session_id=...

Technology

Brand

Type

Subtype 1

Subtype 2

nac

aruba

  • cppm

  • endpoint

  • system

  • system_stat

  • policy

  • v2

  • os

  • events

-

These are the valid tags and the types of events that correspond to each:

Tag/table name

Event types*

nac.aruba.cppm.endpoint

CPPM_Endpoint_Profile

nac.aruba.cppm.system

CPPM_System_Event

nac.aruba.cppm.system_stat

CPPM_System_Stat

nac.aruba.cppm.policy

CPPM_Alert
CPPM_Audit_Record
CPPM_Dashboard_Summary
CPPM_Policy_Server_Session
CPPM_Post_Auth_Monit_Config
CPPM_Proc_Stats
CPPM_RADCOA_Session_Log
CPPM_RADIUS_Accounting
CPPM_RADIUS_Accounting_Detail
CPPM_RADIUS_Session
CPPM_Session_Detail
CPPM_TACACS_Accounting_Detail
CPPM_TACACS_Accouting_Record
CPPM_TACACS_Session

nac.aruba.os.events

Aruba OS log events

...

In the examples below, we use port 13010 but you should use any port that you can dedicate to these events. We also use the event type names as listed earlier in this article. You should specify Source Message values that reflect the event type names used in your installation.

Rule 1: ClearPass Endpoint Profile events

  • Source Port → 13010

  • Source Message → CPPM_Endpoint_Profile

  • Target Tag → nac.aruba.cppm.endpoint

  • Select the Stop processing and Sent without syslog tag checkboxes.

Image Removed
Image Added

Rule 2:  ClearPass System Event events

  • Source Port → 13010

  • Source Message → CPPM_System_Event

  • Target Tag → nac.aruba.cppm.system

  • Select the Stop processing and Sent without syslog tag checkboxes.

Image Removed
Image Added

Rule 3: ClearPass System Stat events

  • Source Port → 13010

  • Source Message → CPPM_System_Stat

  • Target Tag → nac.aruba.cppm.system_stat

  • Select the Stop processing and Sent without syslog tag checkboxes.

Image Removed
Image Added

Rule 4: ClearPass Policy events

  • Source Port → 13010

  • Source Message → CPPM_

  • Target Tag → nac.aruba.cppm.policy

  • Select the Stop processing and Sent without syslog tag checkboxes.

Image Removed

Image Added

Rule 5: Aruba OS events

  • Source Port → 13010

  • Target Tag → nac.aruba.os.events

  • Select the Stop processing and Sent without syslog tag checkboxes.

Image Removed
Image Added

Step 2: Set up ClearPass to forward events to the Devo relay

...