PacketFence Network Access Control (NAC)
|Protocol||Information Discovered||Used For|
|Syslog||User network admission control events||Security and Compliance|
Configuring PacketFence NAC
Follow PacketFence NAC documentation to send syslog to FortiSIEM.
FortiSIEM automatically recognizes PacketFence NAC syslog as long it follows the following format as shown in the sample syslog:
Oct 9 11:29:34 10.2.204.81 1 2018-10-09T11:29:34.04189+01:00 example.com packetfence.log - - - Oct 11 15:42:00 httpd.aaa(4765) WARN: [mac:40:83:1d:12:2a:cb] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Parsing and Events
Over 20 events are parsed – see event Types in Resources > Event Types and search for “PacketFence-NAC-“.