Make sure you're still on the Mitigator tab.  It doesn't write to the general 
logs.  You have to look at the Mitigator logs.  I can send a screenshot if needed.

From: John Kaftan [mailto:[email protected]]
Sent: Tuesday, March 27, 2012 1:39 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Rogue Detection Alarm

Exactly.  But I am not getting that in Syslog.  I do not even see it in the 
'All' log on the server.


John Kaftan
IT Infrastructure Manager
Utica College
315.792.3102

From: LeWayne Ballard [mailto:[email protected]]
Sent: Tuesday, March 27, 2012 2:26 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Rogue Detection Alarm


I haven't built alarms based upon it, but do run the Mitigator for rogues.  It 
writes to the 'major' log which also displays in the 'all'.



Is this what you were looking for?




03/27/12 13:21:12  Major  Mitigator Analysis Engine
Threat [Unknown AP with invalid SSID] detected by AP Cust Ops Spare, SN 
10xxxxxxxx (xxxx). Details: RSSI:13, scanned channel:165, channel_rx:165, 
bssid:00:11:88:xx:xx:xx, ssid:, privacy:WEP, bssType:Infrastructure-BSS, 
beaconInterval:102ms






-----Original Message-----
From: John Kaftan [mailto:[email protected]]
Sent: Tuesday, March 27, 2012 12:53 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] Rogue Detection Alarm



Has anyone found a way to be alerted when a rogue comes on your wireless 
network?  We are playing with Mitigator and I believe I have it working.

However I do not see any log entries when it finds a rogue.  I went into the 
controller log and clicked 'All' and exported and searched for a rogue that 
Mitigator recently detected.  Then I searched the log offline but did not see 
my known rogue.



I looked in syslog and no go.  I wouldn't expect to see anything in syslog that 
was not found locally anyway.



My hope is that a syslog message would happen that I could build an alarm with.



Thanks



John Kaftan

IT Infrastructure Manager

Utica College
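
Added example, not part of the thread and not Enterasys code: a Python sketch that turns a Mitigator entry like the one quoted above into structured fields and a one-line alert that an alarm rule could match on. The field layout is assumed from that single quoted entry; `parse_threat` and `alert_line` are hypothetical names.

```python
import re

# Constructed sample: the entry quoted in the thread, line-wrapped as in the mail.
SAMPLE = """03/27/12 13:21:12 Major Mitigator Analysis Engine
Threat [Unknown AP with invalid SSID] detected by AP Cust Ops Spare, SN
10xxxxxxxx (xxxx). Details: RSSI:13, scanned channel:165, channel_rx:165,
bssid:00:11:88:xx:xx:xx, ssid:, privacy:WEP, bssType:Infrastructure-BSS,
beaconInterval:102ms"""

# Assumed layout: "Threat [name] detected by AP <name>, SN <serial> ... Details: k:v, k:v"
THREAT_RE = re.compile(
    r"Threat \[(?P<threat>[^\]]+)\] detected by AP (?P<ap>.+?), "
    r"SN (?P<serial>\S+).*?Details: (?P<details>.+)$"
)

def parse_threat(text):
    """Return a dict of fields for a Mitigator threat entry, or None if it is not one."""
    flat = " ".join(text.split())          # undo line wrapping from the export/mail
    m = THREAT_RE.search(flat)
    if m is None:
        return None
    event = {"threat": m["threat"], "ap": m["ap"], "serial": m["serial"]}
    # Split each detail on the FIRST colon only, so a BSSID keeps its own colons.
    # An SSID that itself contains ", " would be cut short by this simple split.
    for item in m["details"].split(", "):
        key, _, value = item.partition(":")
        event[key.strip()] = value.strip()
    return event

def alert_line(event):
    """Build a single-line alert; an empty SSID is made explicit rather than dropped."""
    ssid = event.get("ssid") or "<empty>"
    return ("ROGUE_AP threat=%r bssid=%s ssid=%s privacy=%s channel=%s seen_by=%r"
            % (event["threat"], event.get("bssid", "?"), ssid,
               event.get("privacy", "?"), event.get("channel_rx", "?"), event["ap"]))

if __name__ == "__main__":
    print(alert_line(parse_threat(SAMPLE)))
```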




