Syslog message on rogue detection - Catalyst 9800 WLC

Chris Donkelaar · ‎07-07-2020

Goodday all,

I've read several other posts about rogue detections being send as syslog messages on AireOS, but I'm now trying to get this done at the Catalyst 9800 WLC. In summary, I want a syslog message to a SIEM server once a rogue is detected. Do I need to do this via EEM as suggested in this post? I've enabled all SNMP traps, but there is nothing in the logs.

Or do I need to change the whole flow and start with Netconf, with help of the Cisco-IOS-XE-wireless-rogue-oper.yang model? And how would I configure this to use telemetry?

Or is this just not possible? That's also an answer.

Thanks in advance,

Chris

-If I helped you somehow, please, rate it as useful.-

RoadRunner4k · ‎09-16-2022

Did you find a solution for this? we are looking into the same usecase as you.

jwikiera · ‎01-11-2023

Enable syslog notification for Rogue events:

configure terminal
wireless wps rogue notify-syslog

mohamed-essoufy-ext · ‎09-02-2024

Hello all,

I search the message log for rogue detection in WLC 9800 please.

JPavonM · ‎09-02-2024

When enabling syslog notification with the command that @jwikiera recommended before, you need to look for syslog messages containing "ROGUE_SYSLOG-6", and if you also want aWIPS, then "APMGR_AWIPS_SYSLOG-6".

Look for the system messages for your version here: https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-series-wireless-controllers/products-system-message-guides-list.html