Administrator Guide

478 | Administration Dell Networking W-ClearPass Policy Manager 6.5 | User Guide
Table 275: Syslog Export Filters - General Tab Parameters (Continued)

Parameter: Export Event Format Type
Description:
Select one of the following export event formats:
• Standard - Select this event format type to send the event types in raw syslog format. This is the default event format type.
• LEEF - Select this event format type to send the event types in Log Enhanced Event Format (LEEF).
• CEF - Select this event format type to send the event types in Common Event Format (CEF).
For sample event format types, see Export Event Format Types - Examples on page 478.

Parameter: Syslog Servers
Description:
Syslog servers define the receivers of syslog messages sent by servers in the ClearPass cluster.
• To add a syslog server, select it from the --Select to Add-- drop-down list.
• To view details about a syslog server, select the syslog server, then click View Details.
• To change details about a syslog server, select the syslog server, then click Modify. For information about syslog server details, see Adding a Syslog Target on page 471.
• To remove a syslog server (from receiving syslog messages), select the syslog server, then click Remove.
If the syslog server does not appear in the drop-down list, you can click Add new Syslog target. For more information about syslog targets, see Adding a Syslog Target on page 471.

Parameter: ClearPass Servers
Description:
You can designate syslog messages to be sent from exactly one server in the ClearPass cluster or from all of them.
• To add a ClearPass server, select it from the Select to Add drop-down list.
• To remove the ClearPass server, select the ClearPass server, then click Remove.
NOTE: When no servers are listed, syslog messages are sent from all servers in the cluster.

Export Event Format Types - Examples
This section shows a few examples of the Standard, LEEF, and CEF event format types for the syslog export filter
templates.
The following example describes the Standard event format type for the Audit Events syslog export filter
template:
Mar 20 21:18:56 10.17.5.228 2015-01-19 21:19:50,118 10.17.5.228 Audit Logs 96 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=clusteradmin,Category=Endpoint,Action=ADD,EntityName=34a39527afc0,src=10.17.5.228,Timestamp=Jan 19, 2015 21:18:54 IST
Mar 20 21:20:56 10.17.5.228 2015-01-19 21:21:50,111 10.17.5.228 Audit Logs 97 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=admin,Category=Cluster-wide Parameter,Action=MODIFY,EntityName=Endpoint Context Servers polling interval,src=10.17.5.228,Timestamp=Jan 19, 2015 21:20:22 IST
Mar 21 09:28:59 10.17.5.228 2015-01-20 09:29:54,3 10.17.5.228 Audit Logs 99 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=admin,Category=Network Device,Action=REMOVE,EntityName=1.1.1.1,src=10.17.5.228,Timestamp=Jan 20, 2015 09:29:13 IST
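
The following Python parser is an added example, not part of the ClearPass guide. It splits Standard-format Audit Events lines such as the ones above into fields on the receiving side. The header layout is inferred from the samples on this page, and the names parse_standard, HEADER, and FIELD_SEP are illustrative.

```python
import re

# Layout inferred from the sample lines above (an assumption, not a vendor spec):
# <syslog time> <host> <event time> <host> <template name> <3 integers> <payload>
HEADER = re.compile(
    r"^(?P<syslog_ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<event_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+) \S+ "
    r"(?P<template>.+?) (?P<numbers>\d+ \d+ \d+) (?P<payload>\w+=.*)$"
)
# A comma separates fields only when a new "Key=" follows it. This keeps
# "HH:mm:ss,S" and "Jan 19, 2015 ..." intact, which a plain split(",") breaks.
FIELD_SEP = re.compile(r",(?=[A-Za-z]\w*=)")


def parse_standard(line):
    """Parse one Standard-format export line into header parts and fields."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not a Standard-format export line")
    record = m.groupdict()
    fields = {}
    for token in FIELD_SEP.split(record.pop("payload")):
        key, _, value = token.partition("=")
        fields[key] = value
    record["fields"] = fields
    return record


# Two Audit Events samples from this page, with the print line wraps rejoined.
SAMPLES = [
    "Mar 20 21:18:56 10.17.5.228 2015-01-19 21:19:50,118 10.17.5.228 "
    "Audit Logs 96 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,"
    "User=clusteradmin,Category=Endpoint,Action=ADD,"
    "EntityName=34a39527afc0,src=10.17.5.228,"
    "Timestamp=Jan 19, 2015 21:18:54 IST",
    "Mar 20 21:20:56 10.17.5.228 2015-01-19 21:21:50,111 10.17.5.228 "
    "Audit Logs 97 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,User=admin,"
    "Category=Cluster-wide Parameter,Action=MODIFY,"
    "EntityName=Endpoint Context Servers polling interval,"
    "src=10.17.5.228,Timestamp=Jan 19, 2015 21:20:22 IST",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        f = parse_standard(sample)["fields"]
        print(f["Timestamp"], f["User"], f["Action"], f["Category"], f["EntityName"])
```

The parser assumes that no field value contains a comma directly followed by a Name= token; the samples on this page show no escaping rule for that case.
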
The following example describes the Standard event format type for the System Events syslog export filter
template:
Mar 21 16:46:29 10.17.5.228 2015-01-20 16:47:23,880 10.17.5.228 System Events 0 1 0 TimestampFormat=yyyy-MM-dd HH:mm:ss,S,Description=User: arubasupport\nClient IP Address: 10.20.23.178,Category=Logged in,Action=None,Level=INFO,src=10.17.5.228,Component=Support Shell,Timestamp=Jan 20, 2015 16:45:59 IST
Mar 21 16:49:10 10.17.5.228 2015-01-20 16:50:05,210 10.17.5.228 System Events 1 1 0
TimestampFormat=yyyy-MM-dd HH:mm:ss,S,Description='Failed to start ClearPass Virtual IP