On 3 Mar 2016, at 18:12, Matthew Newton wrote:
I’ve found some posts that indicate that info is only available
through SNMP traps, but I haven’t been able to find the OIDs.
Has anyone been able to log auths without using PI?
I feed the whole lot to snmptrapd which just syslogs them, then
push them via logstash into elasticsearch, which makes it easy to
see what is happening (and also tie up with RADIUS logs, DHCP
logs, etc). If you tell snmptrapd where the MIBs ar then it'll
decode them for you - just make sure it's got the whole Cisco-v2
bundle (including the AIRESPACE and CISCO-LWAPP mibs).
I ended up doing this brute-force style a few years back. I started out
by using the Cisco MIB's, but I experienced that the traps where corrupt
(or at least the packets where mangled), so I had to do a different
approach that at least did _some_ error-handling;
<http://git.jocke.no/network-stuff/tree/cisco-wlan/snmptrapd-parser.pl>
It's really ugly, but it did the trick. I believe it should still work.
--
Joachim
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
