06-19-2012 07:54 PM
Hi
I need to count traffic used by each device connected to the access point.
The manual says:
In addition to the standard event log, the access point can send a
detailed log to an external Syslog server. The access point’s Syslog
captures all log activities and includes this information about all data
transmissions: every connection source and destination IP address, IP
server, and number of bytes transferred.
How do I get that detailed log sent to a local IP address? All I managed to get so far is standard log - configuration changes and autenthication mesages.
06-22-2012 11:02 AM
Hi Yana,
Thank you for contacting Cisco Small Business Forum.
In the device, under the Administration-->Log tabs you can select what type of logs you would like to receive.
The following options are available for you on this device:
- unauthorized access;
- authorised access;
- system error message;
- configuration changes;
You have to enable all those in order to see all ofthem. If you have only System Error and Configuration changes enabled for logging, then that all you will get.
Hope that helps.
Sincerely,
Alena Patterson
Cisco SBSC engineer
CCNA
06-24-2012 06:34 PM
Alena, thanks for your reply.
Yes, I did all that and this is the kind of log I get from the device:
Jun 23 16:17:22 kernel: [][90:C1:15:1D:88:A4] SUBTYPE_AUTH
Jun 23 16:17:22 kernel: [Ilyana][90:C1:15:1D:88:A4] Open Authentication
Jun 23 16:17:22 kernel: [Ilyana][90:C1:15:1D:88:A4] Associated
Jun 23 16:17:32 kernel: [Ilyana][90:C1:15:1D:88:A4] Deauthenticated
Jun 23 17:31:24 kernel: [][E0:2A:82:AC:6D:CB] SUBTYPE_AUTH
Jun 23 17:31:24 kernel: [Ilyana][E0:2A:82:AC:6D:CB] Open Authentication
Jun 23 17:31:24 kernel: [Ilyana][E0:2A:82:AC:6D:CB] Associated
Jun 23 18:12:54 kernel: [][88:53:2E:50:11:FD] SUBTYPE_AUTH
Jun 23 18:12:54 kernel: [Lily][88:53:2E:50:11:FD] Open Authentication
Jun 23 18:12:54 kernel: [Lily][88:53:2E:50:11:FD] Associated
Jun 23 19:19:06 kernel: [][90:C1:15:1D:88:A4] SUBTYPE_AUTH
Jun 23 19:19:06 kernel: [Ilyana][90:C1:15:1D:88:A4] Open Authentication
Jun 23 19:19:06 kernel: [Ilyana][90:C1:15:1D:88:A4] Associated
Jun 23 19:19:17 kernel: [Ilyana][90:C1:15:1D:88:A4] Deauthenticated
Jun 23 19:40:12 kernel: [][F8:1E:DF:E2:CB:9A] SUBTYPE_AUTH
Jun 23 19:40:12 kernel: [Kim][F8:1E:DF:E2:CB:9A] Open Authentication
Jun 23 19:40:12 kernel: [Kim][F8:1E:DF:E2:CB:9A] Associated
Jun 23 19:49:35 kernel: [][90:C1:15:1D:88:A4] SUBTYPE_AUTH
Jun 23 19:49:35 kernel: [Ilyana][90:C1:15:1D:88:A4] Open Authentication
Jun 23 19:49:35 kernel: [Ilyana][90:C1:15:1D:88:A4] Associated
Jun 23 19:49:45 kernel: [Ilyana][90:C1:15:1D:88:A4] Deauthenticated
Jun 23 20:08:46 kernel: [Kim][F8:1E:DF:E2:CB:9A] DisAssociated
What category does the detailed log falls into? or how else do I recieve it?
here is the cut-out from the manual:
In addition to the standard event log, the access point can send a
detailed log to an external Syslog server. The access point’s Syslog
captures all log activities and includes this information about all data
transmissions: every connection source and destination IP address, IP
server, and number of bytes transferred.
(middle of the page 46 of Administration Guide: http://www.cisco.com/en/US/docs/wireless/access_point/csbap/wap4410n/administration/guide/WAP4410N_Admin_Guide.pdf)
06-25-2012 05:37 PM
Hi Yana,
I set up one of our WAP4410Nn in our lab and I was able to get logs on following activities;
change to https from hhtp;
change of ip to static from DHCP;
change of channel;
change of security;
entering passphrase;
changed of the time zone;
chanages in advanced wireless settings;
everytime you (IP address) login to it;
All of the above activities were recorded in the syslog server with the ip address of the machine doing the changes. I did not tested wireless client connection, we just do not have such capabilities here. But all of the above worked fine. I was using TFTPD32 server. You can download for free online. Not sure maybe your server requires some config.
Sincerely,
Alena Patterson
Cisco SBSC engineer
CCNA
06-25-2012 08:55 PM
Hi Alena
I'm particularly interested in the logs which would allow me to count number of bytes transferred and attribute those to a particular SSID (or MAC or IP).
the manual promises the access point can send such information to an external Syslog server. Can it?
06-26-2012 09:34 AM
Hi Yana,
I was able to recreate this issue in our lab. What we can do is to send this to our escalation team for resolution. But for this, we need you to call us at 1-866-606-1866 or contact us via chat so that we can create a case and proceed further.
Sincerely,
Alena Patterson
Cisco SBSC engineer
CCNA
06-26-2012 03:02 PM
Thanks for your help!
will do.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: