Examples

This page provides real-world scenarios to guide you in configuring the Log Exporter for your own use case.

Last updated 3 months ago

Example 1: General authentication information

Scope and assumptions

The scope of the query provided below is as follows:

  • the admin is interested in understanding which users/devices are authenticating (accepted or rejected) and wants to build frequency statistics based on that

  • no VLAN tagging is used

  • only certificate-based authentication is used (no username-password-based authentication)

Target

Log Analytics or General Webhook

Message Filter configuration

Rule Engine

Log Level     Enabled
Success       False
Failed        False
Error         False

Authorization System

Log Level     Enabled
Requests      False
Success       True
Failed        True
Error         False

Proxy Authentication

Log Level     Enabled
Connections   False
Success       False
Failed        False
Error         False

Data Configuration

{
    "Decision": {{ data.get("Packet-Type") }},
    "Level": {{ data.level }},
    "IP": {{ data.get("Packet-Dst-Address") }},
    "Username": {{ data.get("User-Name") }},
    {% if data.get("TLS-OCSP-Cert-Valid") != None %}
        "OCSPStatus": {{ data.get("TLS-OCSP-Cert-Valid") }},
    {% endif %}
    {% if data.level == "warning" %}
      "FailReason": {{ data.get("Module-Failure-Message") }},
    {% endif %}
    "Datetime" : {{ data.Datetime }}
}
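
The following Python code is an added example, not part of the RADIUSaaS documentation. It consumes records in the shape produced by the Example 1 data configuration and builds the per-user accept/reject statistics named in the scope. The sample records, the one-record-per-line delivery, the `Access-Accept`/`Access-Reject` decision values and all function names are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample input: one record per line in the shape of the Example 1
# template. Assumed: values arrive JSON-quoted, and "Decision" carries the
# RADIUS packet type (Access-Accept / Access-Reject). All values are made up.
SAMPLE = """
{"Decision": "Access-Accept", "Level": "info", "IP": "192.0.2.10", "Username": "alice@example.com", "OCSPStatus": "yes", "Datetime": "2024-05-01T08:00:00Z"}
{"Decision": "Access-Reject", "Level": "warning", "IP": "192.0.2.10", "Username": "bob@example.com", "FailReason": "sample: certificate expired", "Datetime": "2024-05-01T08:01:00Z"}
{"Decision": "Access-Accept", "Level": "info", "IP": "192.0.2.11", "Username": "alice@example.com", "OCSPStatus": "yes", "Datetime": "2024-05-01T08:02:00Z"}
{"Decision": "Access-Reject", "Level": "warning", "IP": "192.0.2.10", "Username": "bob@example.com", "FailReason": "sample: certificate expired", "Datetime": "2024-05-01T08:03:00Z"}
{"Decision": "Access-Reject", "Level": "warning", "IP": "192.0.2.11", "Username": "carol@example.com", "FailReason": "sample: unknown CA", "Datetime": "2024-05-01T08:04:00Z"}
this line is not JSON
{"Decision": "Access-Accept", "Level": "info", "IP": "192.0.2.11", "Username": "carol@example.com", "OCSPStatus": "yes", "Datetime": "2024-05-01T08:05:00Z"}
"""

def parse_events(text):
    """Yield one dict per non-empty line; skip lines that are not valid JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record: skip it instead of aborting the batch

def auth_statistics(events):
    """Count decisions per username and tally failure reasons."""
    per_user = defaultdict(Counter)
    reasons = Counter()
    for ev in events:
        user = ev.get("Username") or "<unknown>"
        per_user[user][ev.get("Decision", "<none>")] += 1
        # The template only emits FailReason when the level is "warning".
        if "FailReason" in ev:
            reasons[ev["FailReason"]] += 1
    return per_user, reasons

def repeated_rejects(per_user, threshold=2):
    """Usernames with at least `threshold` rejected authentications."""
    return sorted(u for u, c in per_user.items() if c["Access-Reject"] >= threshold)

if __name__ == "__main__":
    stats, reasons = auth_statistics(parse_events(SAMPLE))
    for user, counts in sorted(stats.items()):
        print(user, dict(counts))
    print("repeated rejects:", repeated_rejects(stats))
    print("failure reasons:", dict(reasons))
```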

Example 2: Detailed authentication information

Scope and assumptions

The scope of the query provided below is as follows:

  • the admin is interested in understanding which users/devices are authenticating via certificate or username & password (accepted or rejected)

  • username and certificate details with OCSP response

  • SSID and used Access Point (MAC address)

  • RADIUSaaS Rule that was triggered, if applicable: assigned VLAN

  • correlation ID for further investigation

Target

Log Analytics or General Webhook

Message Filter Configuration

Rule Engine

Log Level     Enabled
Success       True
Failed        True
Error         False

Authorization System

Log Level     Enabled
Requests      False
Success       False
Failed        False
Error         False

Proxy Authentication

Log Level     Enabled
Connections   False
Success       False
Failed        False
Error         False

Data configuration

{
    "Decision": {{ data.get("Engine-Decision") }},
    "Datetime" : {{ data.Datetime }},
    "Level": {{ data.level }},
    "Authtype": {{ data.get("Authtype") }},
    "Client-MAC": {{ data.get("Client-MAC") }},
    "Username": {{ data.get("User-Name") }},
    "Applied-Rule": {{ data.get("Applied-Rule") }},
    "VLAN": {{ data.get("Assigned-VLAN", "No VLAN assigned") }},
    "Auth-Source-Type": {{ data.get("Auth-Source-Type") }},
    {% if data.get("Auth-Source-Type") == "WiFi" %}
        "SSID": {{ data.get("SSID") }},
        "AP-MAC": {{ data.get("AP-MAC") }},
    {% endif %}
    {% if data.get("Authtype") == "Certificate" %}
        "Certificate-CommonName": {{ data.get("Certificate-Details", {}).get("TLS-Cert-Common-Name") }},
        "Certificate-Serial": {{ data.get("Certificate-Details", {}).get("TLS-Client-Cert-Serial") }},
    {% endif %}
    {% if data.get("Verify-Result") != None %}
        "Verify-Result": {{ data.get("Verify-Result") }},
        "Verify-Status": {{ data.get("Verify-Status") }},
        "Verify-Type": {{ data.get("Verify-Type") }},
        "Verify-Description": {{ data.get("Verify-Description") }},
    {% endif %}
    {% if data.get("Reject-Description") != None %}
        "Reject-Description": {{ data.get("Reject-Description") }},
    {% endif %}
    "GKG-Correlation-Id": {{ data.get("GKG-Correlation-Id") }}
}

Example 3: General error notifications

Scope and assumptions

The scope of the query provided below is as follows:

  • the admin is interested in receiving proactive notifications about errors on the RADIUSaaS platform for the operations team.

Target

Teams, or Log Analytics or General Webhook

Message Filter Configuration

Rule Engine

Log Level     Enabled
Success       False
Failed        False
Error         False

Authorization System

Log Level     Enabled
Requests      False
Success       False
Failed        False
Error         True

Proxy Authentication

Log Level     Enabled
Connections   False
Success       False
Failed        False
Error         True

Data configuration

Teams

The RADIUS system has issues!
Message: {{ data.get('message') }}

Raw data:
{{ data }}

Log Analytics or General Webhook

{
    "Message": {{ data.get("message") }},
    "Datetime" : {{ data.get("Datetime") }},
    "Level": {{ data.get("level") }},
    "Type": {{ data.get("type", "not applicable") }}
}
