Samurai [Local] Collector | Samurai [Cloud] Collector |
---|---|
This guide describes the steps required to configure Aruba Networks ClearPass to send logs to a Samurai Local Collector deployed in your network.
Connectivity Requirements
You must ensure the following connectivity requirements are available:
Source | Destination | Ports | Description |
---|---|---|---|
Aruba Networks ClearPass | Samurai Local Collector | TCP/514 (syslog) | For log transmission |
Syslog Configuration
Follow the below steps in ClearPass Policy Manager to enable syslog output to the local collector.
Add a Syslog Target using the following parameters:
Parameter Value Host Address IP of the Samurai Local Collector Protocol TCP Server Port 514 Create Syslog Export Filters for each event type using the following parameters:
Parameter Value Export Template Audit Records, Insight Logs and Session Logs Export Event Format Type CEF Syslog Servers Syslog target created in the above step
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal as we auto detect the vendor and product. The only reason you need to use the Samurai MDR portal is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.