Event View


The Event View at the bottom of the NAC Manager main window displays error and informational messages about NAC Manager operations and provides information on end-systems that have attempted to connect to the network through an Extreme Access Control engine. There are four tabs:

NAC Manager Events Tab

The NAC Manager Events tab at the bottom of the NAC Manager main window displays error and informational messages about NAC Manager system operations. The log displays the most recent 10,000 entries. The current log file is automatically archived when its size reaches 5 megabytes and a new log file is opened. Use the Event Logs view in the Suite-Wide Options window to configure the number of event logs to save and the number of entries to display in the table.


Acknowledge
This checkbox lets you acknowledge an event and also hide acknowledged items. Click the checkbox to acknowledge the item and then click the Show Acknowledged Events button to hide or show the checked items.
Severity
The event's severity.
Category
The category of event.
Timestamp
The date and time when the event occurred.
Source
The IP address of the host that was the source of the event.
Client
The name of the client host machine that triggered the event, or the IP address of the machine if the name cannot be resolved.
User
The client username or the name of the NAC component that triggered the event.
Type
The type of information: Event.
Event
The type of event.
Information
Information about the event.
Show/Hide Acknowledged Events
This button hides or shows items in the table that have been acknowledged by a check in the Acknowledge column.
Refresh
Refreshes the log.
Clear Current View
Clears entries from the current table.

Logging of End-System Group Events

The following table summarizes data displayed in the NAC Manager Events tab when an end-system group change is logged, for example when an end-system is added to a group or deleted from a group. It lists the various actions that can cause an end-system group change, and the resulting Client and User column displayed in the event log.

In the Client column, Client IP refers to the name of the client host machine that triggered the event, or the IP address of the machine if the name cannot be resolved. The User column lists the client username or the name of the NAC component that triggered the event.

| Action | Client Column (NAC Manager Events Tab) | User Column (NAC Manager Events Tab) |
| --- | --- | --- |
| End-system group change made from the End-System Summary window. | <Client IP> | <Username> |
| End-system group change made from the Dashboard. | <Client IP> | <Username> |
| End-system group change made from the Advanced Configuration window. | <Client IP> | <Username> |
| End-system group change made from the Registration Administration web page. | <Client IP> | <Username> |
| End-system added to group in the Add End-Systems to Group window. | <Client IP> | <Username> |
| End-system deleted from group(s) from the Tools > Remove End-Systems window. | <Client IP> | <Username> |
| End-system group changes made with the NAC Request Tool. | <Client IP> | <Username> credential used in the script |
| Tools > Manage Data Persistence > Cleanup Data with the remove from groups option selected. | <Client IP> | Extreme Management Center Server |
| Overnight maintenance task with the remove from groups option selected. | <Client IP> | Extreme Management Center Server |
| ASM notification adds end-system to Blacklist end-system group. | --- | ASM |
| End-system added to group during Registration (Unauthenticated Registration). | <Extreme Access Control Engine name> | Guest-<MAC address> |
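
When reviewing group changes, the User column is what separates operator actions from automated ones. The following added example (not part of the product or its documentation) classifies events by origin using the User values from the table above; the client,user CSV layout, the sample rows, the account name svc-nacrequest and the Guest-<MAC address> delimiter are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows. The client,user CSV layout is an assumption for
# this example, not a documented NAC Manager export format.
SAMPLE = """client,user
10.20.1.15,jsmith
10.20.1.40,svc-nacrequest
10.20.1.5,Extreme Management Center Server
---,ASM
nac-engine-01,Guest-00:1A:2B:3C:4D:62
"""

# Assumed rendering of Guest-<MAC address>; adjust the delimiter to your logs.
GUEST_RE = re.compile(r"^Guest-(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")
# Match this string to what the Events tab actually shows in your deployment.
SERVER_USER = "Extreme Management Center Server"


def classify(user, script_accounts=frozenset()):
    """Map the User column of a group-change event to its origin."""
    user = user.strip()
    if user == "ASM":
        return "asm-notification"
    if user == SERVER_USER:
        return "server-maintenance"
    if GUEST_RE.match(user):
        return "unauthenticated-registration"
    if user in script_accounts:
        # NAC Request Tool rows carry the script's credential as the username,
        # so they are only separable if that account is dedicated and known.
        return "nac-request-tool"
    return "operator" if user else "unknown"


def summarize(csv_text, script_accounts=frozenset()):
    """Count group-change events per origin."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter(classify(r["user"], script_accounts) for r in rows)


if __name__ == "__main__":
    for origin, n in summarize(SAMPLE, {"svc-nacrequest"}).items():
        print(f"{origin}: {n}")
```

Because NAC Request Tool changes log the same Client and User shape as interactive changes, running the script under a dedicated credential is what makes them distinguishable in this log.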

End-Systems Activity Tab

This tab provides information on all the end-systems attempting to connect to the network. It displays all end-system activity since the client was launched.


Timestamp
The date and time the end-system connected.
MAC Address
The end-system's MAC address. MAC addresses are displayed as a full MAC address or with a MAC OUI (Organizational Unique Identifier) prefix, depending on the option you have selected in the Options window Display view (Tools > Options).
IP Address
The end-system's IP address.
Switch IP
The IP address of the switch to which the end-system connected. If the end-system is connected to an Extreme Access Control Controller engine, this is the Access Control Controller PEP (Policy Enforcement Point) IP address.
Switch Location
The physical location of the switch to which the end-system connected. If the end-system is connected to an Access Control Controller engine, this is the Access Control Controller PEP (Policy Enforcement Point) location.
Switch Port Index
The switch port index to which the end-system connected.
Switch Port
The switch port interface name to which the end-system connected.
Authentication Type
Identifies the authentication method used by the end-system to connect to the network. For Layer 3 Access Control Controller engines, this column shows IP.
State
The end-system's connection state:
  • Scan - The end-system is currently being scanned.
  • Accept - The end-system is granted access with either the Accept policy or the policy returned from the RADIUS server in the filter-ID.
  • Quarantine - The end-system is quarantined because the scanning test failed.
  • Reject - The end-system was rejected because the assigned NAC profile was set to Reject, the MAC Locking test failed, or the RADIUS server was reachable but rejected the authentication request.
  • Error - Indicates one of nine problems:
    • the MAC to IP resolution failed, if assessment is enabled
    • the MAC to IP resolution timed out, if assessment is enabled
    • all RADIUS servers are unreachable
    • the RADIUS request was non-compliant
    • all assessment servers are unavailable
    • the assessment server can't reach the end-system
    • no assessment servers are configured
    • the assessment server is not compatible with the current version of NAC Manager
    • the username and password configured in the Assessment Server panel of the NAC Manager options (Tools > Options > Assessment Server) are incorrect for the assessment server
Extended State
Provides additional information about the end-system's connection state.
Reason
Provides additional information about the reasons why the end-system is in its particular connection state. It gives you an idea as to why a certain policy was applied to the end-system or why the end-system was rejected.
Username
The username used to connect.
Authorization
The attributes returned by the RADIUS server for this end-system. If the end-system is connected to a switch that supports multi-authentication, then this column may not reflect the actual active policy for the authenticated user. For Layer 3 Access Control Controller engines, this column displays the policy assigned to the end-system for its authorization.
State Description
This column provides more details about the end-system state. For example, if the end-system's connection state is Reject, this column might list the RADIUS server (primary or secondary) that rejected the authentication request.
NAC Appliance
The IP address of the Access Control engine with which the end-system is associated.
RADIUS Server
The IP address of the RADIUS server that the end-system is associated with.
Clear Messages button
Clears any messages that are selected in the table.

NAC Appliance Events Tab

This tab provides information on Extreme Access Control engine system events including RADIUS configuration success or failure, completed reauthentications, and management logins (via the console or Telnet). It displays engine activity since the client was launched.

  NOTE: Installed certificates using an MD5 RSA signature algorithm now generate an event in Extreme Management Center version 7.


Acknowledge
This checkbox lets you acknowledge an event and also hide items that have been acknowledged. Click the checkbox to acknowledge the item and then click the Show Acknowledged Events button to hide or show the checked items.
Severity
The event's severity.
Category
The category of event: NAC Appliance Event.
Timestamp
The date and time when the event occurred.
Source
The IP address of the engine that is the source of the event.
Type
The type of information: Event.
Event
The type of event.
Information
Information about the event.
Show/Hide Acknowledged Events
This button hides or shows items in the table that have been acknowledged by a check in the Acknowledge column.
Refresh
Refreshes the log.
Clear Current View
Clears entries from the current table.

Audit Events Tab

This tab provides information on NAC Registration events such as when a device or user is added during the registration process, or an end-system is added/removed/updated via the registration administration web page. It displays all registration activity since the client was launched.


Acknowledge
This checkbox lets you acknowledge an event and also hide items that have been acknowledged. Click the checkbox to acknowledge the item and then click the Show Acknowledged Events button to hide or show the checked items.
Severity
The event's severity.
Category
The category of event.
Timestamp
The date and time when the event occurred.
Source
The MAC address of the end-system that was the source of the event.
Client
The name of the machine that triggered the event, or the IP address of the machine if the name cannot be resolved.
User
The username that initiated the event, or Guest-<MAC address> if the username cannot be determined.
Type
The type of information: Event.
Event
The type of event.
Information
Information about the event.
Show/Hide Acknowledged Events
This button hides or shows items in the table that have been acknowledged by a check in the Acknowledge column.
Refresh
Refreshes the log.
Clear Current View
Clears entries from the current table.
