[ https://issues.apache.org/jira/browse/METRON-163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Sirota updated METRON-163:
--------------------------------
    Labels: ParserExtension  (was: )

> Create AirMagnet Parser
> -----------------------
>
> Key: METRON-163
> URL: https://issues.apache.org/jira/browse/METRON-163
> Project: Metron
> Issue Type: New Feature
> Reporter: Domenic Puzio
> Priority: Minor
> Labels: ParserExtension
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Create a parser for the AirMagnet telemetry source. An example line, raw and
> parsed, is provided below.
> <116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP
> Operating in Emery Mode from sensor PHIL8AUSS2-04, Location:
> /England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free)
> is detected, it is operating in green field mode, which is undetectable by
> WIPS that does not support 802.11n or not scanning 40 MHz channel, Source
> MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7
> {"hostname":"TYRION-ABC04011","source_MAC_address":"EE:D4:7F:C4:6E:D4","original_string":"<116>Apr
> 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP Operating in
> Emery Mode from sensor PHIL8AUSS2-04, Location: /England/LONDON/ABC_07,
> Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) is detected, it is
> operating in green field mode, which is undetectable by WIPS that does not
> support 802.11n or not scanning 40 MHz channel, Source MAC:
> EE:1D:7F:C4:5B:D4-gn, Channel: 7","alert":"Rogue AP Operating in Greenfield
> Mode from sensor PHALBAAMS2-04","description":"Rogue AP EE:1D:7F:C4:5B:D4
> (SSID : Free) is detected, it is operating in green field mode, which is
> undetectable by WIPS that does not support 802.11n or not scanning 40 MHz
> channel","wifi_channel":"7","location":"/England/LONDON/ABC_07","source.type":"airmagnet","priority":"116","timestamp":1461730741000}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
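
A minimal Python parser for the example line quoted in this ticket, added here as an illustration; it is not Metron's code. The function name `parse_airmagnet`, the regular expression, and the `year` / `utc_offset_hours` parameters are assumptions: the syslog timestamp carries no year or time zone, and 2016 with UTC-4 reproduces the `timestamp` value in the ticket's parsed record.

```python
import re
from datetime import datetime, timedelta, timezone

# Labels are matched in order: the Description text itself contains commas.
LINE_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) \S+ "
    r"Alert: (?P<alert>.+?), Location: (?P<location>.+?), "
    r"Description: (?P<description>.+?), "
    r"Source MAC: (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\S*, "
    r"Channel: (?P<channel>\d+)\s*$"
)

def parse_airmagnet(line, year, utc_offset_hours=0):
    """Return the parsed fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # The timestamp has no year or zone, so the caller supplies both (assumption).
    tz = timezone(timedelta(hours=utc_offset_hours))
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    when = when.replace(tzinfo=tz)
    return {
        "hostname": m["hostname"],
        "source_MAC_address": m["mac"],   # trailing "-gn" suffix dropped
        "original_string": line,          # raw line kept for later review
        "alert": m["alert"],
        "description": m["description"],
        "wifi_channel": m["channel"],
        "location": m["location"],
        "source.type": "airmagnet",
        "priority": m["priority"],
        "timestamp": int(when.timestamp() * 1000),  # epoch milliseconds
    }

# Raw line from the ticket, with its e-mail line wraps joined.
SAMPLE = (
    "<116>Apr 27 00:19:01 TYRION-ABC04011 TYRION-ABC04011 Alert: Rogue AP "
    "Operating in Emery Mode from sensor PHIL8AUSS2-04, Location: "
    "/England/LONDON/ABC_07, Description: Rogue AP EE:1D:7F:C4:5B:D4 (SSID : Free) "
    "is detected, it is operating in green field mode, which is undetectable by "
    "WIPS that does not support 802.11n or not scanning 40 MHz channel, Source "
    "MAC: EE:1D:7F:C4:5B:D4-gn, Channel: 7"
)

if __name__ == "__main__":
    print(parse_airmagnet(SAMPLE, year=2016, utc_offset_hours=-4))
```

Lines that do not match the expected layout return `None` rather than a partly filled record, so a caller can route them to an error queue instead of indexing incomplete alerts.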