ADSP Alarm Output to External Syslog Server not showing OffenderSSID

Symptoms
External Syslog Server output not showing OffenderSSID on triggered alarms
Environment
  • AirDefense
  • AirDefense Services Platform
  • ADSP
  • ADSP 9
  • Alarm
  • OffenderSSID
  • Syslog Server
  • External Syslog server

 
Cause
The default fields in the Syslog do not include OffenderSSID details.

Users can create their own notification template and add this field (OffenderSSID).

Resolution
Instructions for configuring ADSP to output Alarm OffenderSSID information to external syslog server can be found here:
 

Syslog

 

1. The syslog output can be customized as required.

2. Connect to the ADSP server with WinSCP.

            a. Go to the /usr/local/smx/notification/xsl/default folder.

            b. Copy the Syslog.xsl file to a local PC/laptop.

            c. Customize and add the fields in either the <!-- Formats a new alarm --> or the <!-- Formats a cleared/expired alarm --> template.

            d. Some examples of the fields:

<xsl:text>, AlarmDetails=</xsl:text>
<xsl:value-of select="AlarmDetails"/>
<xsl:text>, OffenderSSID=</xsl:text>
<xsl:value-of select="OffenderSSID"/>
<xsl:text>, AssociatedBSSDisplay=</xsl:text>
<xsl:value-of select="AssociatedBSSDisplay"/>
<xsl:text>, SignalStrength=</xsl:text>
<xsl:value-of select="SignalStrength"/>
<xsl:text>, Vlan=</xsl:text>
<xsl:value-of select="Vlan"/>
<xsl:text>, Channel=</xsl:text>
<xsl:value-of select="Channel"/>
<xsl:text>, Authorized=</xsl:text>
<xsl:value-of select="Authorized"/>
 

 

 

           e. On the ADSP server, place the newly created file in the /usr/local/smx/notification/xsl/user folder.

                   i. Note: if the user folder is not available, create it.

                  ii. Note: the file name should begin with Syslog_

           f. Restart the services from WIPSAdmin → restart

3. Here is a sample Syslog file for reference (copy the text and save it as Syslog_test.xsl). The sample below is customized only for new alarms. The fields for cleared alarms can be modified in the same way.

<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

<!-- Default Syslog message formatting stylesheet -->

<xsl:output method="html"/>

<xsl:key name="Criticalities" match="Alarm" use="CriticalityLevel"/>

<!-- Root template, it all starts here -->
<xsl:template match="/">
  <xsl:choose>
    <xsl:when test="Alarms/Alarm">
      <xsl:apply-templates select="Alarms/Alarm[1]"/>
    </xsl:when>
    <xsl:when test="Alarms/ClearedAlarm">
      <xsl:apply-templates select="Alarms/ClearedAlarm[1]"/>
    </xsl:when>
    <xsl:otherwise>No alarms to report</xsl:otherwise>
  </xsl:choose>
</xsl:template>

<!-- Formats a new alarm -->
<xsl:template match="Alarm">
  <xsl:text>Time=</xsl:text>
  <xsl:value-of select="GenerationTime"/>
  <xsl:text>,Category=</xsl:text>
  <xsl:value-of select="CategoryName"/>
  <xsl:text>,CriticalityLevel=</xsl:text>
  <xsl:value-of select="CriticalityLevel"/>
  <xsl:text>,Desc=</xsl:text>
  <xsl:value-of select="TypeDescription"/>
  <xsl:text>,device=</xsl:text>
  <xsl:value-of select="OffenderMac"/>
  <xsl:text>(</xsl:text>
  <xsl:value-of select="OffenderDisplay"/>
  <xsl:value-of select="OffenderProtocols"/>
  <xsl:text>),sensor=</xsl:text>
  <xsl:value-of select="SensorMac"/>
  <xsl:text>(</xsl:text>
  <xsl:value-of select="SensorDisplay"/>
  <xsl:value-of select="SensorProtocols"/>
  <xsl:text>)</xsl:text>
  <xsl:text>, AlarmDetails=</xsl:text>
  <xsl:value-of select="AlarmDetails"/>
  <xsl:text>, OffenderSSID=</xsl:text>
  <xsl:value-of select="OffenderSSID"/>
  <xsl:text>, AssociatedBSSDisplay=</xsl:text>
  <xsl:value-of select="AssociatedBSSDisplay"/>
  <xsl:text>, SignalStrength=</xsl:text>
  <xsl:value-of select="SignalStrength"/>
  <xsl:text>, Vlan=</xsl:text>
  <xsl:value-of select="Vlan"/>
  <xsl:text>, Channel=</xsl:text>
  <xsl:value-of select="Channel"/>
  <xsl:text>, Authorized=</xsl:text>
  <xsl:value-of select="Authorized"/>

</xsl:template>

<!-- Formats a cleared/expired alarm -->
<xsl:template match="ClearedAlarm">
  <xsl:text>Cleared or Expired Alarm: ClearOrExpiredTime=</xsl:text>
  <xsl:value-of select="ClearTime"/>
  <xsl:text>,Category=</xsl:text>
  <xsl:value-of select="CategoryName"/>
  <xsl:text>,CriticalityLevel=</xsl:text>
  <xsl:value-of select="CriticalityLevel"/>
  <xsl:text>,Desc=</xsl:text>
  <xsl:value-of select="TypeDescription"/>
  <xsl:text>,device=</xsl:text>
  <xsl:value-of select="OffenderMac"/>
  <xsl:text>(</xsl:text>
  <xsl:value-of select="OffenderDisplay"/>
  <xsl:value-of select="OffenderProtocols"/>
  <xsl:text>),sensor=</xsl:text>
  <xsl:value-of select="SensorMac"/>
  <xsl:text>(</xsl:text>
  <xsl:value-of select="SensorDisplay"/>
  <xsl:value-of select="SensorProtocols"/>
  <xsl:text>)</xsl:text>
</xsl:template>

</xsl:stylesheet>
 


4. In AAM, choose syslog as the action and, in the format drop-down, choose the new customized file format.
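
A pre-deployment check for steps 2c to 2e, as an added example that is not part of the original article or of ADSP: it parses a customized stylesheet with Python's standard library and reports whether the file name begins with Syslog_, whether templates for Alarm and ClearedAlarm exist, and whether the new-alarm template outputs OffenderSSID. The function names and the cut-down SAMPLE stylesheet are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

XSL = "{http://www.w3.org/1999/XSL/Transform}"

# Constructed sample: a cut-down custom stylesheet in the shape of the article's.
SAMPLE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="Alarm">
  <xsl:text>Time=</xsl:text><xsl:value-of select="GenerationTime"/>
  <xsl:text>, OffenderSSID=</xsl:text><xsl:value-of select=" OffenderSSID"/>
</xsl:template>
<xsl:template match="ClearedAlarm">
  <xsl:text>ClearOrExpiredTime=</xsl:text><xsl:value-of select="ClearTime"/>
</xsl:template>
</xsl:stylesheet>"""


def template_fields(xsl_bytes):
    """Map each template's match pattern to the fields it outputs, in order."""
    root = ET.fromstring(xsl_bytes)  # raises ParseError on malformed XML
    if root.tag != XSL + "stylesheet":
        raise ValueError("root element is not xsl:stylesheet")
    return {t.get("match"): [v.get("select", "").strip()
                             for v in t.iter(XSL + "value-of")]
            for t in root.findall(XSL + "template")}


def check_custom_syslog(filename, xsl_bytes, required=("OffenderSSID",)):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    if not os.path.basename(filename).startswith("Syslog_"):
        problems.append("file name must begin with Syslog_")
    try:
        fields = template_fields(xsl_bytes)
    except (ET.ParseError, ValueError) as exc:
        return problems + ["not a usable stylesheet: %s" % exc]
    for match in ("Alarm", "ClearedAlarm"):
        if match not in fields:
            problems.append("no template matching %s" % match)
    for name in required:
        if name not in fields.get("Alarm", []):
            problems.append("new-alarm template does not output %s" % name)
    return problems


if __name__ == "__main__":
    print(template_fields(SAMPLE))
    print(check_custom_syslog("Syslog_test.xsl", SAMPLE) or "OK")
```

Running the check on the local copy before uploading it catches a malformed edit or a missing field before the services are restarted.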
