Change log for CLEARPASS
Date
Changes
2024-09-12
Enhancement:
- Added support for parsing the new format of SYSLOG and JSON logs.
2024-08-08
Enhancement:
- Mapped "Acct-NAS-IP-Address" to "principal.ip".
- Mapped "Acct-Username" to "principal.user.userid".
- Mapped "Acct-Calling-Station-Id" to "principal.user.product_object_id".
2024-05-05
Enhancement:
- Handled unparsed SYSLOG format logs.
- Mapped "prin_port" to "principal.port".
- Mapped "agent_ip" to "principal.ip" and "principal.asset.ip".
- Mapped "descr" and "eventDescription" to "metadata.description".
- Mapped "version" to "metadata.product_version".
- Mapped "specificTrap_name", "uptime", "enterprise", "generic_num", "specificTrap_num", and "community" to "additional.fields".
2024-01-11
Enhancement:
- Mapped "Common.NAS-IP-Address" to "target.ip".
- Mapped "Common.Service", "Common.Enforcement-Profiles", and "Common.Login-Status" to "security_result.detection_fields".
2022-08-18
Enhancement:
- Handled dropped logs in CEF format and unparsed logs to improve the parsing rate.
- Mapped "metadata.event_type" to "STATUS_UPDATE" when "principal.hostname" or "principal.ip" is not null; otherwise mapped it to "GENERIC_EVENT".
2022-07-08
Enhancement:
- Modified mapping for "_target_user_groupid" from "target.user.groupid" to "target.user.group_identifiers".
- Modified mapping for "Common.Roles" from "principal.user.groupid" to "principal.user.group_identifiers".
Last updated 2025-04-02 UTC.