Cisco WLC
LogZilla App Store application: Cisco WLC
Overview
Cisco Wireless LAN Controller (WLC) is a family of devices that manage wireless network access points, enabling wireless devices to connect to the network. WLC devices centralize wireless network management, security policies, and user authentication for enterprise wireless deployments.
App Function
The Cisco WLC app performs two primary functions:
- Parse Authentication Events: Identifies log messages with Cisco mnemonic APF-3-AUTHENTICATION_TRAP and extracts client authentication data to create user tags
- Message Normalization: Removes repetitive "It occurred N times" text from log messages to facilitate proper event deduplication
Vendor Documentation
- Cisco Wireless LAN Controllers
- What is a WLAN Controller?
- System and Message Logging
- Syslog Server Configuration on Wireless LAN Controllers
Incoming Log Format
Cisco WLC logs use standard Cisco IOS syslog format (see the Cisco app documentation for details). The processing workflow is:
- Cisco IOS App Processing: Logs are first processed by the Cisco IOS app to normalize them by removing date-timestamps and mnemonics
- WLC App Processing: Normalized logs arrive at the Cisco WLC app containing event messages with associated data elements
The message text varies significantly between event types and lacks consistent delimiters. Therefore, parsing requires specific knowledge of each Cisco event type (mnemonic) message template.
Parsed Metadata Fields
The Cisco WLC app currently parses data fields for one specific message type:
APF-3-AUTHENTICATION_TRAP authentication events. The following user tags are
generated from these messages:
| Tagged | Tag Name | Example | Description |
|---|---|---|---|
| ☑ | Client MAC | 11:22:33:44:cc:dd | MAC address of the wireless client |
| ☑ | Client AP MAC | 11:22:33:44:aa:bb | MAC address of the access point |
| ☑ | Client Username | xxx\prov-abcd$ | Username of the authenticated client |
| ☑ | Client IP | 11.22.33.44 | IP address assigned to the client |
| ☑ | Client SSID | XYZ-Secure | SSID of the wireless network |
Log Examples
Client Authenticated
```text
apf_80211.c:21442 Client Authenticated: MACAddress:11:22:33:44:cc:dd Base Radio MAC:11:22:33:44:aa:bb Slot:1 User Name:xxx\\prov-abcd$ Ip Address:1.2.3.4 SSID:MSU-Secure
```
Message Queueing Failed
```text
osapi_msgq.c:940 Failed to send a message to the message queue object: RogueApInfoChangedDB. enqueue failed.[...It occurred 9 times.!]
```
Source MAC Address Not Found
```text
sim.c:1380 Interface 0 source MAC address is not found. Using the system MAC 28:94:0F:AE:4A:E0 instead.
```
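The two app functions described above can be sketched as follows; this is an added example, not LogZilla's own rule code. The regular expressions are assumptions derived from the log examples on this page, and the function names `normalize` and `parse_auth` are hypothetical.

```python
import ipaddress
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"

# Template of the "Client Authenticated" message, as shown in the log example.
# User Name is client-supplied text, so it is matched greedily: the last
# " Ip Address:" label in the line is treated as the real field boundary.
AUTH_RE = re.compile(
    r"Client Authenticated: MACAddress:(?P<mac>" + MAC + r") "
    r"Base Radio MAC:(?P<ap_mac>" + MAC + r") Slot:\d+ "
    r"User Name:(?P<user>.*) Ip Address:(?P<ip>\S+) SSID:(?P<ssid>.*)$"
)

# Repeat-count suffix, modelled on the single sample on this page (assumption).
REPEAT_RE = re.compile(r"\s*\[\.\.\.It occurred \d+ times\.!\]\s*$")

TAGS = {"mac": "Client MAC", "ap_mac": "Client AP MAC", "user": "Client Username",
        "ip": "Client IP", "ssid": "Client SSID"}


def normalize(msg):
    """Drop the repeat-count suffix so repeated events compare equal."""
    return REPEAT_RE.sub("", msg)


def parse_auth(msg):
    """Return the five user tags, or None if the line is not a valid auth event."""
    m = AUTH_RE.search(normalize(msg))
    if m is None:
        return None
    try:
        ipaddress.ip_address(m["ip"])  # reject lines whose IP field is not an address
    except ValueError:
        return None
    return {TAGS[k]: v for k, v in m.groupdict().items()}


# Sample inputs copied from the log examples on this page.
AUTH = (r"apf_80211.c:21442 Client Authenticated: MACAddress:11:22:33:44:cc:dd "
        r"Base Radio MAC:11:22:33:44:aa:bb Slot:1 User Name:xxx\\prov-abcd$ "
        r"Ip Address:1.2.3.4 SSID:MSU-Secure")
QUEUE = ("osapi_msgq.c:940 Failed to send a message to the message queue object: "
         "RogueApInfoChangedDB. enqueue failed.[...It occurred 9 times.!]")

if __name__ == "__main__":
    print(parse_auth(AUTH))
    print(normalize(QUEUE))
```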