This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Aruba Networks ClearPass

    Samurai [Local] CollectorSamurai [Cloud] Collector
    Picture1.svg

    This guide describes the steps required to configure Aruba Networks ClearPass to send logs to a Samurai Local Collector deployed in your network.

    Connectivity Requirements

    You must ensure the following connectivity requirements are available:

    SourceDestinationPortsDescription
    Aruba Networks ClearPassSamurai Local CollectorTCP/514 (syslog)For log transmission

    Syslog Configuration

    Follow the below steps in ClearPass Policy Manager to enable syslog output to the local collector.

    1. Add a Syslog Target using the following parameters:

      ParameterValue
      Host AddressIP of the Samurai Local Collector
      ProtocolTCP
      Server Port514
    2. Create Syslog Export Filters for each event type using the following parameters:

      ParameterValue
      Export TemplateAudit Records, Insight Logs and Session Logs
      Export Event Format TypeCEF
      Syslog ServersSyslog target created in the above step

    For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.

    Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.