cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1577
Views
0
Helpful
6
Replies

Detailed syslog from WAP4410n

lastochka
Level 1
Level 1

Hi

I need to count traffic used by each device connected to the access point.

The manual says:

In addition to the standard event log, the access point can send a

detailed log to an external Syslog server. The access point’s Syslog

captures all log activities and includes this information about all data

transmissions: every connection source and destination IP address, IP

server, and number of bytes transferred.

How do I get that detailed log sent to a local IP address? All I managed to get so far is standard log - configuration changes and autenthication mesages.

6 Replies 6

alepatte
Level 1
Level 1

Hi Yana,

Thank you for contacting Cisco Small Business Forum.

In the device, under the Administration-->Log tabs you can select what type of logs you would like to receive.

The following options are available for you on this device:

- unauthorized access;

- authorised access;

- system error message;

- configuration changes;

You have to enable all those in order to see all ofthem.  If you have only System Error and Configuration changes enabled for logging, then that all you will get.

Hope that helps.

Sincerely,

Alena Patterson

Cisco SBSC engineer

CCNA

Alena, thanks for your reply.

Yes, I did all that and this is the kind of log I get from the device:

Jun 23 16:17:22 kernel: [][90:C1:15:1D:88:A4] SUBTYPE_AUTH

Jun 23 16:17:22 kernel: [Ilyana][90:C1:15:1D:88:A4] Open Authentication

Jun 23 16:17:22 kernel: [Ilyana][90:C1:15:1D:88:A4] Associated

Jun 23 16:17:32 kernel: [Ilyana][90:C1:15:1D:88:A4] Deauthenticated

Jun 23 17:31:24 kernel: [][E0:2A:82:AC:6D:CB] SUBTYPE_AUTH

Jun 23 17:31:24 kernel: [Ilyana][E0:2A:82:AC:6D:CB] Open Authentication

Jun 23 17:31:24 kernel: [Ilyana][E0:2A:82:AC:6D:CB] Associated

Jun 23 18:12:54 kernel: [][88:53:2E:50:11:FD] SUBTYPE_AUTH

Jun 23 18:12:54 kernel: [Lily][88:53:2E:50:11:FD] Open Authentication

Jun 23 18:12:54 kernel: [Lily][88:53:2E:50:11:FD] Associated

Jun 23 19:19:06 kernel: [][90:C1:15:1D:88:A4] SUBTYPE_AUTH

Jun 23 19:19:06 kernel: [Ilyana][90:C1:15:1D:88:A4] Open Authentication

Jun 23 19:19:06 kernel: [Ilyana][90:C1:15:1D:88:A4] Associated

Jun 23 19:19:17 kernel: [Ilyana][90:C1:15:1D:88:A4] Deauthenticated

Jun 23 19:40:12 kernel: [][F8:1E:DF:E2:CB:9A] SUBTYPE_AUTH

Jun 23 19:40:12 kernel: [Kim][F8:1E:DF:E2:CB:9A] Open Authentication

Jun 23 19:40:12 kernel: [Kim][F8:1E:DF:E2:CB:9A] Associated

Jun 23 19:49:35 kernel: [][90:C1:15:1D:88:A4] SUBTYPE_AUTH

Jun 23 19:49:35 kernel: [Ilyana][90:C1:15:1D:88:A4] Open Authentication

Jun 23 19:49:35 kernel: [Ilyana][90:C1:15:1D:88:A4] Associated

Jun 23 19:49:45 kernel: [Ilyana][90:C1:15:1D:88:A4] Deauthenticated

Jun 23 20:08:46 kernel: [Kim][F8:1E:DF:E2:CB:9A] DisAssociated

What category does the detailed log falls into? or how else do I recieve it?

here is the cut-out from the manual:

In addition to the standard event log, the access point can send a

detailed log to an external Syslog server. The access point’s Syslog

captures all log activities and includes this information about all data

transmissions: every connection source and destination IP address, IP

server, and number of bytes transferred.

(middle of the page 46 of Administration Guide: http://www.cisco.com/en/US/docs/wireless/access_point/csbap/wap4410n/administration/guide/WAP4410N_Admin_Guide.pdf)

Hi Yana,

I set up one of our WAP4410Nn in our lab and I was able to get logs on following activities;

change to https from hhtp;

change of ip to static from DHCP;

change of channel;

change of security;

entering passphrase;

changed of the time zone;

chanages in advanced wireless settings;

everytime you (IP address) login to it;

All of the above activities were recorded in the syslog server with the ip address of the machine doing the changes.  I did not tested wireless client connection, we just do not have such capabilities here.  But all of the above worked fine.  I was using TFTPD32 server.  You can download for free online.  Not sure maybe your server requires some config.

Sincerely,

Alena Patterson

Cisco SBSC engineer

CCNA

Hi Alena

I'm particularly interested in the logs which would allow me to count number of bytes transferred and attribute those to a particular SSID (or MAC or IP).

the manual promises the access point can send such information to an external Syslog server. Can it?

Hi Yana,

I was able to recreate this issue in our lab.  What we can do is to send this to our escalation team for resolution.  But for this, we need you to call us at 1-866-606-1866 or contact us via chat so that we can create a case and proceed further.

Sincerely,

Alena Patterson

Cisco SBSC engineer

CCNA

Thanks for your help!

will do.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: