Cisco Aironet¶
About¶
Cisco Aironet is a line of wireless access points and other wireless networking equipment produced by Cisco Systems. Aironet access points are designed to provide secure and reliable wireless connectivity for enterprise and commercial environments. They support various wireless protocols such as 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac, and can be used for both indoor and outdoor wireless networking applications.
Cisco Aironet access points come with advanced features such as Quality of Service (QoS) support, automatic channel selection, and support for multiple SSIDs. They also support centralized management and can be integrated with other Cisco networking equipment for easy deployment and management of wireless networks. Cisco Aironet access points are commonly used in corporate environments, healthcare, education, retail, and hospitality industries, as well as in public venues such as stadiums and airports.
Product Details¶
Vendor URL: Cisco Wireless product support
Product Type: Wireless
Product Tier: Tier II
Integration Method: Syslog
Integration URL: Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points
Log Guide: Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 95%
Data Label: CISCO_AIRONET
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| application | principal.application |
| client_mac | target.mac |
| host_ip | principal.ip |
| hostname | principal.hostname |
| mobile_mac | target.mac |
| result | metadata.product_event_type |
| security_result | security_result |
| src_ip | src.ip |
| src_mac | src.mac |
| target_ip | target.ip |
| target_mac | target.mac |
| username | target.user.userid |
Product Event Types¶
| Type | Severity | UDM Event Classification | Alerting Enabled |
|---|---|---|---|
| Default | GENERIC_EVENT |
Log Sample¶
<158>Apr 24 20:04:48 10.0.0.1 REMOTE-WXC-LXXXXL: *webauthRedirect: Apr 24 20:04:48.477: %EMWEB-6-HTTP_REQ_BEGIN_ERR: http_parser.c:580 http request should begin with a character
Sample Parsing¶
metadata.event_timestamp"2023-04-24T20:04:48Z"
metadata.event_type"GENERIC_EVENT"
metadata.log_type"CISCO_AIRONET"
metadata.product_event_type"HTTP_REQ_BEGIN_ERR"
metadata.product_name"Aironet"
metadata.vendor_name"CISCO"
principal.application"webauthRedirect"
principal.hostname"REMOTE-WXC-LXXXXL"
principal.ip[0]"10.0.0.1"
security_result[0].action_details"HTTP_REQ_BEGIN_ERR"
security_result[0].severity"INFORMATIONAL"
security_result[0].severity_details"6"
security_result[0].summary"http_parser.c:580 http request should begin with a character"
Rules¶
Coming Soon