# Aruba ClearPass (syslog) In this guide, you will set up a trusted relationship between Radiant and your Aruba ClearPass account to forward logs to Radiant Security via a syslog forwarder. ### Prerequisites * [ ] Admin access to the Aruba ClearPass console ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**. 3. Search for and select the **Radiant Agent** option and click **Data Feeds**. 4. Under **Select your data feeds**, select **Aruba ClearPass (syslog)** and click **Credentials**. 5. Under **Credential Name**, give the Radiant Agent integration an identifiable name (e.g. `Aruba ClearPass Credentials`) or reuse a pre-existing Radiant Agent integration. 6. Click **Add Connector**. ### Configure a Radiant Agent for log collection Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs. ### Adding a syslog target on Aruba ClearPass 1. Access the Aruba ClearPass console. 2. Navigate to **Administration** > **External Servers** > **Syslog Targets.**
3. Click **Add**. 4. Enter the following parameters: 1. **Host Address**: `` 2. **Description**: `Radiant Security On-Prem Log Collector` 3. **Protocol**: `UDP` 4. **Server Port**: ``\ 5. Click **Save**. ### Configure log forwarding on Aruba ClearPass 1. Access the Aruba ClearPass console. 2. Navigate to **Administration** > **External Servers** > **Syslog Export Filters.** 3. Click **Add.** 4. Enter the following parameters: 1. **Name**: `Radiant Security Session Logs - Logged in users` 2. **Description**: `Radiant Security Syslog Forwarder` 3. **Export Template**: `Session Logs` 4. **Export Event Format Type**: `CEF` 5. **ClearPass Servers**: Leave it blank
5. Click the **Filter and Columns** tab and configure the following: 1. **Data Filter**: `[All Requests]` 2. **Columns Selection**: Select one of the **Predefined Field Group** values from the table below:
Export TemplatePredefined Field Group
Session LogsFailed Authentications
Session LogsGuest Access
Session LogsLogged in users
Session LogsRADIUS Accounting
Session LogsTACACS+ Accounting
Insight LogsEndpoints
Insight LogsClearPass Guest
Insight LogsOnboard Enrollment
Insight LogsRADIUS Authentications
Insight LogsRADIUS Failed Authentications
Insight LogsTACACS Authentication
Insight LogsTACACS Failed Authentication
Insight LogsWEBAUTH Failed Authentications
Insight LogsWEBAUTH
Insight LogsApplication Authentication
Insight LogsPosture Antivirus Summary
Insight LogsPosture Antispyware Summary
Insight LogsPosture DiskEncryption Summary
Insight LogsPosture Summary
6. Click **Save.** 7. Repeat steps **3 and 4** for all the **Export Templates** and **Predefined Field Group** from the table. 8. Each **Syslog Export Filter** can only support one export template and one predefined group. The final result should look like this:
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/aruba-clearpass-syslog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.