Showing results for 
Search instead for 
Did you mean: 

Pulse One -> Log collections

Occasional Contributor

Pulse One -> Log collections

Has anyone use the Pulse One Log correlation feature? We would like to sent all the PCS and PPS logs and assist in analyzing the posture of the network (security and troubleshooting)

Re: Pulse One -> Log collections

Hello, my name is Craig Brauckmiller and I am on the support team here at Pulse Secure.


It is absolutely possible to do what you are asking with the log feature on the Pulse One appliance.  The logging aggregation is a separate license if you were not aware.


What I've done in our lab is point a PCS IF-MAP client and a PPS IF-MAP client as well as the PPS IF-MAP server to the Pulse One appliance.  I send the syslog messages over to Pulse One.  I can literally follow the user logging into PCS, see their session exported to IF-MAP and then see the PPS IF-MAP client import the session when traffic tries to traverse an enforcer connected to the PPS IF-MAP client.  The only shortcoming is that currently, we do not use high resolution logging.  We only log to the whole second, so there are times where the messages may arrive out of order and it can confuse the log analysis.  I've asked our dev team if we can add a couple decimal points to the logging timestamps, but I haven't seen any updates on that.


If you do decide to use this feature, by all means, ask your sales team to file an enhancement request for this.


Let me know if you have any questions.