On Thu, Mar 03, 2016 at 04:29:56PM +0000, John York wrote: > I’m finding that 5508 syslog outputs a huge amount of stuff, but > doesn’t include successful authentications.
WLC syslogs aren't particularly useful for a lot of stuff IMO... > I’ve found some posts that indicate that info is only available > through SNMP traps, but I haven’t been able to find the OIDs. > Has anyone been able to log auths without using PI? SNMP traps - we have pretty much all of them enabled, including client 802.11 association, authentication, association with stats (this latter gives more useful things than the plain association, not just extra stats). I feed the whole lot to snmptrapd which just syslogs them, then push them via logstash into elasticsearch, which makes it easy to see what is happening (and also tie up with RADIUS logs, DHCP logs, etc). If you tell snmptrapd where the MIBs ar then it'll decode them for you - just make sure it's got the whole Cisco-v2 bundle (including the AIRESPACE and CISCO-LWAPP mibs). For example you should look at AIRESPACE-WIRELESS-MIB::bsnDot11StationAssociate, CISCO-LWAPP-DOT11-CLIENT-MIB::ciscoLwappDot11ClientAssocDataStatsTrap etc. For 802.1X of course your RADIUS logs are also good for this. But for open networks SNMP traps is the only way to go that I'm aware of. We don't run PI either. Cheers, Matthew -- Matthew Newton, Ph.D. <[email protected]> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <[email protected]> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
