This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to see who has Logged in when on wich AP with what Mac Adress


I am searching around here for hours but can't find an Answer.

I Have a Bridge to LAN Wi-Fi with wpa2 full length random letters and numbers Password. Today I saw the DC`s DHCP has leased an IP to an unknown device.

MAC 12:11:23:4b:40:86 Name A30-von-Nalan (I think Samsung A30 but mac seems to be virtual) I don't know anyone with this Name.

Device is not longer online (can't ping it or something) Lease time 8days lease ends 27th NOV so it was active at the 19th

It has to be an Wi-Fi Device, because there is no way to plug a device into a Physical LAN Port .
I have the mac address of it and entered it into Protocols filter and there is no Result, because the XGS is not the DHCP for this Wi-Fi I tried it with some other macs

witch are actual in Wi-Fi. NO RESULTS for Connect or Disconnect events just firewall rules !!! So I googled around and found this:

tail-f /var/tslog/wc_remote.log

Ok Going there, I see only actual connect activities but no log for 3day old activities.

Can this be true that there is no log functionality for Wi-Fi access and no warning function for random connection attempts with wrong Wi-Fi passwords or something or new connection from first time mac addresses??

I mean bought new APs for 2500 € and can't believe this essential security feature is nowhere? (UTM had it)

Do the APs log that events internal and how do I get those?

So Please help me! Looks like I am to stupid for this.

Thank U for reading and answers.

Regards Christian.

This thread was automatically locked due to age.
  • Hello,

    I can confirm that I have not found anything to create log files.

    I also miss the possibility for wireless via Sophos Central, to banish equipment or even create filters. This is standard with every Fritzbox standard, but apparently not possible with Sophos.
    If someone has a solution for this, for example, one needs another tool or a firewall, so I would be grateful for an answer.

    Greeting Karsten

  • Hi,
    I have found a way to block devices based on MAC address on wifi.

    Log in to Sophos Central
    select the SSID in which the device appeared
    Advanced settings
    MAC Filtering (at the bottom)
    None" is selected by default, but you can select "List Blocked" or "List Allowed" and then allow or block devices based on the MAC.

    After editing, do not forget to click on "Save" in the top right-hand corner.

    Maybe it will help one or the other.

    Translated with