Skip to content

Cisco WLC

Description

Constructor: Cisco

Product: Wireless LAN Controler (WLC)

Log type(s): AAA

Theoretical injector performance

36774 EPS

Log sample

1
%EMWEB-6-PARSE_ERROR: webauth_redirect.c:1477 parser exited. client mac= 00:00:00:f1:9f:72 bytes parsed = 4 and bytes read = 365
1
%EMWEB-6-REQ_NOT_GET_ERR: http_parser.c:615 http request is not GET
1
%EMWEB-6-HTTP_REQ_BEGIN_ERR: http_parser.c:579 http request should begin with a character
1
%DTL-4-ARP_ORPHANPKT_DETECTED: dtl_net.c:3055 STA(Target MAC Address) [00:00:00:1e:30:8c, 0.0.0.0] ARP (op ARP REQUEST) received with invalid SPA(Source IP Address) 1.1.15.204/TPA(Destination IP Address) 1.1.8.1

Parsing strategy

This parser is only base on grok patterns. For each field, the grok variable follows this pattern:

document:[init][group][name] \<=> %{USERNAME:init_group_name}