Aruba Clearpass Custom Analysis & Trending

Our large UK university campus uses Aruba Clearpass for authentication. We had a situation recently when a large number of wireless authentications were failing at certain times of the day. One of the great features of Clearpass is the Access Tracker that lists all the authentication attempts with lots of useful information. It is found on Policy Manager - Monitoring - Live Monitoring - Access Tracker

I could see in the policy manager access tracker that at the times when the issue was occurring that many of the connections were failing with a timeout. One of the very useful parts of the access tracker are its filters and I was able to filter for "Login Status equals TIMEOUT". However, what I really wanted to see was the number of login timeouts vs successful authentications graphed over time to get an understanding of the scale of the problem and its frequency.

Policy Manager has a graphing function to be found at: Policy Manager - Monitoring - Live Monitoring - Analysis & Trending. An example of the supplied filters is this, simply showing total requests, successes and failures:

However, in my case I needed to see the authentication timeouts and not just all the failures. What I needed was a data filter which are found at Policy Manager - Monitoring - Data Filters. These can filter on any of the parameters present in the access tracker and can use Boolean logic to construct more complex queries. The query can then be used to build a graph in the Analysis & Trending module.

My first filter was quite simple just looking for RADIUS authentication where the Login-Status EQUALS TIMEOUT:

and another that showed the timeouts from a group of Meru controllers by filtering on the NAS IP address of the wireless controller(s):

Then applying these filters in Analysis & Trending provided the graphical representation required: