Reset Search
 

 

Article

How to persist end system data cached in NAC / Access Control into Analytics for long periods of time

« Go Back

Information

 
TitleHow to persist end system data cached in NAC / Access Control into Analytics for long periods of time
Objective

With NAC Integration in the Analytics setup, the IP address of the user is often replaces with the domain name of the user. If the user does not login for a long period of time, the authentication session can become stale. The information in analytics will by default revert back to IP if it deems the end station is stale.

For customers who wish to extend the amount of time this is cached so they can search for this in the appliance flows. This article can assist with that.
This is not recommended by default, as the default action of the product does reflect it's most current unknown state. But this can help with visibility in searching via the Analytics Tab method.

Environment
  • Purview
  • Analytics
  • Extreme Management Center
Procedure


Click to Analytics->Configuration->Engines->Select Engine->Configuration
Figure 1. Shows an example destination, including Configuration Properties which need to be edited later.

Figure 1
User-added image

Scroll down the configuration window. Make sure  Access Control integration is enabled.
This is shown in figure 2 below

Figure 2
User-added image

Scroll down further to Configuration Properties and Click the Add Button

Figure 3 shows the two properties we want to add.
enterasys.mediation.nac.staletimeout with value from 0 (does not time out) to 168, one week in hours.
We also want to add the enterasys.mediation.nac.stalewarntime property value to a high nunber so the it does not produce warning messages. So 168 can be used here as well

Figure 3
User-added image
Now Click Save on the bottom right.
Them Click on the Enforce botton on the bottom right.
User-added image

Validate you want to enforce all appliances.

The appliances will now need their appid process restarted for this to take effect.
SSH into appliance, and then enter
 

appidctl restart
You will need to repeat this process if more than one Analytics appliance is being used.
This restarts the flow collection process for the appliance, and any locally cached data.
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255