It appears that there are two different types of log information generated by the WLC-5508. The stuff that can be sent directly to syslog seems to be very basic while most of the good log information is sent via snmp trap. Does anyone have this setup to log to a SIEM in a manner that gives a good security view into the wireless controller?
Have you tried to change the logging level on the wlc? There are multiple levels of logging that can be set on the wlc. On the wlc GUI, you can check the current logging level by navigating to this page - Management > Logs > Config > Syslog Server. Under the "Syslog Server", you can change the level of logging.
If you set a logging level, only those messages whose severity is equal to or less than that level are logged by the controller. Note that setting a higher logging level on the wlc might result in more logs sent to the syslog server.
Thank you for the reply. I'm very familiar with logging levels. The fact is that the WLC provides very little security relevant information via syslog. Most is sent via SNMP trap. I'll be using SNMP traps for this.
Did you get what you wanted out of SNMP for the logging information? I'm trying to work with my (reluctant) network admin to send WLC logs to my SIEM device, but all I'm seeing is unimportant, mostly non-security related logs. I don't even get a log when users attach to wireless or any other useful kinds of info. (logging level is set to 6).
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...