Authentication Manager v. 8.x all versions. AM 8.1 - AM 8.7 SP2.
AM 8.8 should work the same.
If you need to isolate and/or count Authentication Traffic just for RADIUS Clients, you need to understand how AM stores this data.
The RSA Community Knowledge Base, KB article titled
RSA Authentication Agent agent type values in Authentication Manager 8.x
https://community.rsa.com/s/article/RSA-Authentication-Agent-agent-type-values-in-Authentication-Manager-8-x
Defines two separate Agent Type to include RADIUS Clients.
Agent Type 4 = RADIUS client
Agent Type 7 = Authentication from authentication agents (i. e., Authentication Agent for Web, PAM, Windows, Native_SecurID, Local Authentication Client, etc) and from RADIUS clients.
This is because the RSA AM RADIUS service accepts RADIUS authentication requests, then must hand those authentication request to AM via an Agent API, the ReST agent API since AM 8.6. What we have noticed in Authentication activity is that successful RADIUS Client authentications show with Type 7, while unsuccessful RADIUS Client authentications show with the expected Type 4.
In both cases, there is another field, the 'Argument 3' field, that keeps the value of 4 for RADIUS Client Agent Type.
- Generate an Authentication activity report for the time period desired, and include the following fields *
- Run the Report, output to .csv spreadsheet file and download.
- Sort the 'Argument 3' field so that all authentications that have the value 4 in that field display.
- Separate out the Authentications where 'Argument 3' has a value of '4'
- Manipulate and count this RADIUS Authentication Data for your needs; by AM instance server (primary or replicas), by RADIUS Client name, by Result, etc...
* Include the Argument 3 field so that you can separate out RADIUS client authentications. Include any other field you need such as AM appliance instance name or IP address, RADIUS Client name or IP address, Result to indicate Success/Failure, and an other fields you find useful
I have a RADIUS client for a Windows PC running NTRadPing.exe. When I successfully authenticated it came through as Agent-Type = 7 in the Authentication Activity report as well as the Authentication Real Time Activity Monitor. However another field has the 4 value indicating RADIUS client.
Authentication Activity for NTRadPing.exe RADIUS client showed Agent Type = 7, but Argument 3 field did have a 4 in it
It also had a 1 in Argument 3 for a Standard agent.
Below is small part of Authentication Activity report, in the mix was an NTRadPing.exe
Result, User ID ,AgntType,AgntName ,Arg 1 ,Arg2,Arg3,Arg10
Success,testuser ,0 , , , , , = Agent type 0 = Password on Console not agent, UserID testuser
Success,testuser ,8 , ,AUTH_LOGIN, , , = Agent type 8 = Passcode on Console not agent, UserID testuser
Success,testuser ,7 ,testagent,AUTH_LOGIN, 0 , 1 , = MFA agent for Windows Test Auth to ReST with UserID testuser
Success,rsatest ,7 ,JUMPHOST ,AUTH_LOGIN, 0 , 4 , = NTRadPing.exe RADIUS Client called JUMPHOST with UserID rsatest
Failure, rsates ,4 ,JUMPHOST ,AUTH_LOGIN, 0 , 4 , = NTRadPing.exe RADIUS Client called JUMPHOST with invalid UserID rsates
If you run a Standard Auth activity report from Security Console, you will need to display Argument 3, then sort on that field to separate out the RADIUS clients. From that data if you also display instance name and result you can count Total / Success/ Failed Radius authentications, per instance. You could also display Agent name to see that info.
The Security Console - RADIUS - RADIUS Statistics - RADIUS Client Statistics. This display can filter authentication requests for All/One RADIUS client and by All/One AM server.
<SC-RADIUS-Client_Stats.png>
