Users Guide

594 | Administration Dell Networking W-ClearPass Policy Manager 6.6 | User Guide
Parameter: Export Event Format Type
Action/Description:
Select any one of the export event formats from the following options:
• Standard: Select this event format type to send the event types in raw syslog format. This is the default event format type.
• LEEF: Select this event format type to send the event types in Log Enhanced Event Format (LEEF).
• CEF: Select this event format type to send the event types in Common Event Format (CEF).
For sample event format types, see Export Event Format Types—Examples on page 594.

Parameter: Syslog Servers
Action/Description:
Syslog servers define the receivers of syslog messages sent by servers in the W-ClearPass cluster.
• To add a W-ClearPass syslog server, select it from the Select to Add drop-down list.
• To add a new W-ClearPass syslog server, click the Add New Syslog Target link (for more information, see Adding a Syslog Target on page 588).
• To view details about a syslog server, select the syslog server, then click View Details.
• To change details about a syslog server, select the syslog server, then click Modify. For more information, see Adding a Syslog Target on page 588.
• To remove a syslog server (from receiving syslog messages), select the syslog server, then click Remove.

Parameter: W-ClearPass Servers
Action/Description:
You can designate syslog messages to be sent from exactly one server in the W-ClearPass cluster or from all of them.
• To add a W-ClearPass server, select it from the Select to Add drop-down list.
• To remove the W-ClearPass server, select the W-ClearPass server, then click Remove.
NOTE: When no servers are listed, syslog messages are sent from all servers in the cluster.

Table 321: Add Syslog Export Filters > General Tab Parameters (Continued)
Export Event Format Types—Examples
This section provides several examples of Standard, LEEF, and CEF event format types for the syslog export
filter templates.
Standard Event Format Type > Audit Events
The following example describes the Standard event format type for the Audit Events syslog export filter
template:
Mar 20 21:18:56 10.17.5.228 2017-01-19 21:19:50,118 10.17.5.228 Audit Logs 96 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=clusteradmin,Category=Endpoint,Action=ADD,EntityName=34a39527afc0,src=10.17.5.228,Timestamp=Jan 19, 2017 21:18:54 IST
Mar 20 21:20:56 10.17.5.228 2017-01-19 21:21:50,111 10.17.5.228 Audit Logs 97 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=admin,Category=Cluster-wide Parameter,Action=MODIFY,EntityName=Endpoint Context Servers polling interval,src=10.17.5.228,Timestamp=Jan 19, 2017 21:20:22 IST
Mar 21 09:28:59 10.17.5.228 2017-01-20 09:29:54,3 10.17.5.228 Audit Logs 99 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=admin,Category=Network Device,Action=REMOVE,EntityName=1.1.1.1,src=10.17.5.228,Timestamp=Jan 20, 2017 09:29:13 IST
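The following Python sketch is an added example, not part of the product documentation. It shows how a syslog receiver could parse the Standard-format Audit Events lines above, where values such as TimestampFormat and Timestamp contain commas themselves. The function names and the splitting rule (a comma separates fields only when a Key= token follows it) are assumptions inferred from the samples, not a documented grammar.

```python
import re

# Constructed input: two of the Audit Events samples from this page,
# with the wrapped lines rejoined into one line per event.
SAMPLES = [
    "Mar 20 21:18:56 10.17.5.228 2017-01-19 21:19:50,118 10.17.5.228 Audit Logs 96 1 0 "
    "TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=clusteradmin,Category=Endpoint,Action=ADD,"
    "EntityName=34a39527afc0,src=10.17.5.228,Timestamp=Jan 19, 2017 21:18:54 IST",
    "Mar 21 09:28:59 10.17.5.228 2017-01-20 09:29:54,3 10.17.5.228 Audit Logs 99 1 0 "
    "TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=admin,Category=Network Device,"
    "Action=REMOVE,EntityName=1.1.1.1,src=10.17.5.228,Timestamp=Jan 20, 2017 09:29:13 IST",
]

# Assumption: a comma is a field separator only when "Key=" follows it, so
# "HH:mm:ss,S" and "Jan 19, 2017 ..." stay inside their values.
FIELD_SEP = re.compile(r",(?=[A-Za-z]\w*=)")
# The first whitespace-preceded "Key=" token marks the end of the syslog header.
FIRST_KEY = re.compile(r"(?<=\s)[A-Za-z]\w*=")

def parse_standard_event(line):
    """Return (header, fields) for one Standard-format line, or None if it has no fields."""
    m = FIRST_KEY.search(line)
    if m is None:
        return None
    header = line[:m.start()].rstrip()
    fields = {}
    for part in FIELD_SEP.split(line[m.start():]):
        key, _, value = part.partition("=")  # split on the first "=" only
        fields[key] = value.strip()
    return header, fields

def config_changes(lines, actions=("ADD", "MODIFY", "REMOVE")):
    """Yield (user, action, category, entity, src) for audit events that change state."""
    for line in lines:
        parsed = parse_standard_event(line)
        if parsed is None:
            continue  # not a key=value event; skip instead of failing
        fields = parsed[1]
        if fields.get("Action") in actions:
            yield (fields.get("User"), fields["Action"], fields.get("Category"),
                   fields.get("EntityName"), fields.get("src"))

if __name__ == "__main__":
    for row in config_changes(SAMPLES):
        print(row)
```

A naive split on every comma would cut TimestampFormat and Timestamp into fragments; the lookahead avoids that, but a value that itself contains ",Word=" would still be split.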
Standard Event Format Type > System Events
The following example describes the Standard event format type for the System Events syslog export filter
template:
Mar 21 16:46:29 10.17.5.228 2017-01-20 16:47:23,880 10.17.5.228 System Events 0 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,Description=User: arubasupport\nClient IP Address: