Posted to issues@metron.apache.org by "James Sirota (JIRA)" <ji...@apache.org> on 2016/06/02 05:33:59 UTC

[jira] [Updated] (METRON-163) Create AirMagnet Parser

     [ https://issues.apache.org/jira/browse/METRON-163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-163:
--------------------------------
    Labels: ParserExtension  (was: )

> Create AirMagnet Parser
> -----------------------
>
>                 Key: METRON-163
>                 URL: https://issues.apache.org/jira/browse/METRON-163
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Domenic Puzio
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Create a parser for the AirMagnet telemetry source. An example line, raw and parsed, is provided below.
> <116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel, Source MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7
> {"hostname":"TYRION-ABC04011","source_MAC_address":"EE:D4:7F:C4:6E:D4","original_string":"<116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel, Source MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7","alert":"Rogue AP Operating in Greenfield Mode from sensor PHALBAAMS2-04","description":"Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is operating in green field mode, which is undetectable by WIPS that does not support 802.11n or not scanning 40 MHz channel","wifi_channel":"7","location":"/England/LONDON/ABC_07","source.type":"airmagnet","priority":"116","timestamp":1461730741000}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)