Details
-
New Feature
-
Status: To Do
-
Minor
-
Resolution: Unresolved
-
None
-
None
Description
Create an parser for the AirMagnet telemetry source. An example line, raw and parsed, is provided below.
<116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel, Source MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7
{"hostname":"TYRION-ABC04011","source_MAC_address":"EE:D4:7F:C4:6E:D4","original_string":"<116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel, Source MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7","alert":"Rogue AP Operating in Greenfield Mode from sensor PHALBAAMS2-04","description":"Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel","wifi_channel":"7","location":"/England/LONDON/ABC_07","source.type":"airmagnet","priority":"116","timestamp":1461730741000}