Cisco WLC¶
Description¶
Constructor: Cisco
Product: Wireless LAN Controler (WLC)
Log type(s): AAA
Theoretical injector performance¶
36774 EPS
Log sample¶
1 | %EMWEB-6-PARSE_ERROR: webauth_redirect.c:1477 parser exited. client mac= 00:00:00:f1:9f:72 bytes parsed = 4 and bytes read = 365 |
1 | %EMWEB-6-REQ_NOT_GET_ERR: http_parser.c:615 http request is not GET |
1 | %EMWEB-6-HTTP_REQ_BEGIN_ERR: http_parser.c:579 http request should begin with a character |
1 | %DTL-4-ARP_ORPHANPKT_DETECTED: dtl_net.c:3055 STA(Target MAC Address) [00:00:00:1e:30:8c, 0.0.0.0] ARP (op ARP REQUEST) received with invalid SPA(Source IP Address) 1.1.15.204/TPA(Destination IP Address) 1.1.8.1 |
Parsing strategy¶
This parser is only base on grok patterns. For each field, the grok variable follows this pattern:
document:[init][group][name] \<=> %{USERNAME:init_group_name}