You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "Domenic Puzio (JIRA)" <ji...@apache.org> on 2016/05/16 19:28:12 UTC
[jira] [Created] (METRON-163) Create AirMagnet Parser
Domenic Puzio created METRON-163:
------------------------------------
Summary: Create AirMagnet Parser
Key: METRON-163
URL: https://issues.apache.org/jira/browse/METRON-163
Project: Metron
Issue Type: Bug
Reporter: Domenic Puzio
Priority: Minor
Create an parser for the AirMagnet telemetry source. An example line, raw and parsed, is provided below.
<116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel, Source MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7
{"hostname":"TYRION-ABC04011","source_MAC_address":"EE:D4:7F:C4:6E:D4","original_string":"<116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel, Source MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7","alert":"Rogue AP Operating in Greenfield Mode from sensor PHALBAAMS2-04","description":"Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel","wifi_channel":"7","location":"/England/LONDON/ABC_07","source.type":"airmagnet","priority":"116","timestamp":1461730741000}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)