05-18-2016 05:15 AM
I'm trying to identify someone in my environment that are resetting our radios to default configuration with admin password (some of our employees). I've enabled remote log, but they are flooding my log server with useless data (DHCPREQUEST, DHCPACK, HTTP REQUEST, etc). How can I log only useful information to me (not those debug ones) to help me to identify logins to Airmax web config interface?
05-18-2016 05:34 AM
First off are you sure it is not the MF worm that is defaulting your kit?
Second, if you are recording to a central syslog, you can search and filter on the results using something like PHP-syslog-NG.
05-18-2016 01:18 PM
Oh my god, after this post I saw what was going on! Thats really sad, about 800 stations here with valid IP addresses and different passwords! Thats bad, really bad.
But thanks for replying this!