Cisco WLC


Constructor: Cisco

Product: Wireless LAN Controller (WLC)

Log type(s): AAA

Theoretical injector performance

36774 EPS

Log sample

%EMWEB-6-PARSE_ERROR: webauth_redirect.c:1477 parser exited. client mac= 00:00:00:f1:9f:72 bytes parsed = 4 and bytes read = 365
%EMWEB-6-REQ_NOT_GET_ERR: http_parser.c:615 http request is not GET
%EMWEB-6-HTTP_REQ_BEGIN_ERR: http_parser.c:579 http request should begin with a character
%DTL-4-ARP_ORPHANPKT_DETECTED: dtl_net.c:3055 STA(Target MAC Address) [00:00:00:1e:30:8c,] ARP (op ARP REQUEST) received with invalid SPA(Source IP Address) IP Address)

Parsing strategy

This parser is only base on grok patterns. For each field, the grok variable follows this pattern:

document:[init][group][name] \<=> %{USERNAME:init_group_name}