This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.407-3 released


Up2Date 9.407003 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-4079]: [AWS] DNS Resolver too slow for ELBs
Fix [NUTM-3885]: [Access & Identity] [RED] RED50 reconnecting every 30 minutes
Fix [NUTM-4502]: [Access & Identity] [RED] reactivating RED management causes problem with provisioning server
Fix [NUTM-4749]: [Access & Identity] [RED] interface default routes are not written
Fix [NUTM-4832]: [Access & Identity] 9.404 SSL site-to-site VPN client is not compatibal with older UTM versions
Fix [NUTM-4870]: [Access & Identity] STAS: Packetfilter rule is written too late when enabling the feature
Fix [NUTM-4875]: [Access & Identity] 9.404 SSL site-to-site VPN doesn't work with static IP setting
Fix [NUTM-4881]: [Access & Identity] IPsec remote access xauth fails with "could not find cache entry"
Fix [NUTM-4918]: [Access & Identity] HTML5 VPN: Portuguese (Brazil) keyboard doesn't appear to support special characters
Fix [NUTM-4974]: [Access & Identity] UTM unable to connect to support tunnel
Fix [NUTM-4981]: [Access & Identity] [RED] RED management can't be reactivated after a Backup / Restore
Fix [NUTM-4987]: [Access & Identity] 9.404 SSL site-to-site VPN client compatibility to older openvpn versions
Fix [NUTM-5004]: [Access & Identity] [RED] misleading peer status send
Fix [NUTM-4941]: [Basesystem] NTP Vulnerability
Fix [NUTM-5132]: [Basesystem] Disable weak ciphers for webadmin
Fix [NUTM-3180]: [Confd] IP Address change was not applied properly to the interface
Fix [NUTM-4346]: [Documentation] Enhance documentation regarding unencrypted SSO AD password in printable configuration
Fix [NUTM-3225]: [Email] JSON error when accessing Data Loss Prevention Tab and SMTP Profiles
Fix [NUTM-3483]: [Email] Missing/incomplete logging for sandstorm in SMTP proxy
Fix [NUTM-3505]: [Email] MIME type blacklist can be bypassed if an another file is whitelisted
Fix [NUTM-3666]: [Email] Mail log in user portal is case-sensitive
Fix [NUTM-3667]: [Email] RAR and XLSX files causing Scanner timeout or deadlock - moving to error queue
Fix [NUTM-4331]: [Email] Implement more error handling in QMGR for error cases
Fix [NUTM-4874]: [Email] SMTP proxy can't be disabled when upgrading from 9.31x
Fix [NUTM-5228]: [Email] change LogLevel in httpd-spx-reply.conf to warn
Fix [NUTM-5355]: [Email] Increase AV Scanner timeout to 60 seconds
Fix [NUTM-2768]: [HA/Cluster] 36307: Postgres can't be started on Slave / rsync error: error in socket IO (code 10) at clientserver.c(122) [receiver=3.0.4]
Fix [NUTM-4894]: [Logging] Fallback log on slave node is filling up the partition
Fix [NUTM-1954]: [Network] 35457: Amazon vpc gets imported but quagga doesnt start
Fix [NUTM-3092]: [Network] snmp does not work: because 10G modules query of link status timeout if no GBIC is plugged
Fix [NUTM-3115]: [Network] AFC misclassifying HTTPS connections as 'OpenVPN'
Fix [NUTM-3157]: [Network] [INFO-152] Network Monitor not running - restarted
Fix [NUTM-3229]: [Network] IPv6 over transparent proxy
Fix [NUTM-3247]: [Network] Spam Filter cannot query database servers from Slave if a block all AFC rule exists
Fix [NUTM-4037]: [Network] Update kernel to 3.12.58
Fix [NUTM-4992]: [Network] Unitymedia / KabelBW customer getting always the MTU 576
Fix [NUTM-4885]: [Reporting] SSL VPN reporting shows no user with a "#" sign in the username
Fix [NUTM-4593]: [Sandboxd] Constant error when inserting record into sandstorm transactionlog table
Fix [NUTM-5128]: [Virtualization] Incorrect interface order on HyperV
Fix [NUTM-4868]: [WAF] WAF service restart issue (segmentation fault in mod_avscan)
Fix [NUTM-5266]: [WAF] Form auth default template login not possible with chrome and FF
Fix [NUTM-4916]: [WebAdmin] User portal: add Windows 10 to list of supported OSs for SSL VPN
Fix [NUTM-2447]: [Web] 36231: HTTP proxy policy matching with backend groups is sometimes not working
Fix [NUTM-4525]: [Web] Handle ha zeroconf for sandbox_reportd
Fix [NUTM-4806]: [Web] postgres[xxxxx]: [x-x] STATEMENT: INSERT INTO TransactionLog
Fix [NUTM-4877]: [Web] segfault after installing ep-httpproxy-9.40-319.g32fa996.i686.rpm
Fix [NUTM-4127]: [WiFi] MAC filter whitelist does not work after editing the MAC Address List
Fix [NUTM-4451]: [WiFi] Mesh AP doesn't connect after deleting the AP from webadmin
Fix [NUTM-4913]: [WiFi] Hotspot voucher QR code pointing to IP address instead of configured host name
Fix [NUTM-5032]: [WiFi] 'STA WPA Failure' messages not appearing in wireless log

RPM packages contained:
firmwares-bamboo-9400-0.239798409.gadeedea.rb1.i586.rpm
freerdp-1.0.2-5.g9ab7846.rb6.i686.rpm
modavscan-9.40-88.g4be0a1f.rb3.i686.rpm
perf-tools-3.12.58-0.238097715.g942ca6f.rb5.i686.rpm
red-firmware2-5033-0.237486050.g1d6fa2f.rb1.noarch.rpm
red15-firmware-5033-0.237486204.g88604a9.rb4.noarch.rpm
uma-9.40-9.g4114428.rb3.i686.rpm
ep-reporting-9.40-28.g366bbbd.rb8.i686.rpm
ep-reporting-c-9.40-29.gdbdd0e5.rb7.i686.rpm
ep-reporting-resources-9.40-28.g366bbbd.rb8.i686.rpm
ep-aua-9.40-29.g044c154.rb4.i686.rpm
ep-branding-ASG-afg-9.40-45.ga7a71f4.rb4.noarch.rpm
ep-branding-ASG-ang-9.40-45.ga7a71f4.rb4.noarch.rpm
ep-branding-ASG-asg-9.40-45.ga7a71f4.rb4.noarch.rpm
ep-branding-ASG-atg-9.40-45.ga7a71f4.rb4.noarch.rpm
ep-branding-ASG-aug-9.40-45.ga7a71f4.rb4.noarch.rpm
ep-confd-9.40-758.g4ba8297.i686.rpm
ep-confd-tools-9.40-699.g3e73a8d.rb11.i686.rpm
ep-endpoint-0.5-0.238842559.g74c0041.rb3.i686.rpm
ep-ha-aws-9.40-193.gbbbdb1f.rb1.noarch.rpm
ep-libs-9.40-18.g98311c6.rb4.i686.rpm
ep-mdw-9.40-473.gbb2acca.rb1.i686.rpm
ep-migration-agent-9.40-0.238246977.g97d8100.rb2.i686.rpm
ep-repctl-0.1-0.236091535.g244907c.rb4.i686.rpm
ep-screenmgr-9.40-1.g05ac056.rb11.i686.rpm
ep-utm-watchdog-9.40-9.gb87dc68.rb5.i686.rpm
ep-webadmin-9.40-649.gcf9df68.rb15.i686.rpm
ep-webadmin-contentmanager-9.40-48.g2579cc5.rb7.i686.rpm
ep-chroot-dhcpc-9.40-7.g5875cb6.rb4.noarch.rpm
ep-chroot-httpd-9.40-13.g05599fc.rb4.noarch.rpm
ep-chroot-smtp-9.40-108.g7e71836.rb1.i686.rpm
chroot-ntp-4.2.8p8-0.g2398560.rb7.i686.rpm
chroot-openvpn-9.40-26.g733afa5.rb6.i686.rpm
chroot-reverseproxy-2.4.10-242.g832ffb5.rb3.i686.rpm
ep-httpproxy-9.40-351.gd42c00a.rb8.i686.rpm
kernel-smp-3.12.58-0.238097715.g942ca6f.rb6.i686.rpm
kernel-smp64-3.12.58-0.238097715.g942ca6f.rb6.x86_64.rpm
ep-release-9.407-3.noarch.rpm



This thread was automatically locked due to age.
  • When you tipe cc and press enter you will enter kind of a second shell. Inside that shell you will type those command twister5800 provided. I'll try to explain a bit further to you:

    type cc and press [enter]

    You will get and output like:

    Confd command-line client. Maintainer: <Ingo.Schwarze@sophos.com>

    Connected to 127.0.0.1:4472, SID = VGdqvYBurSTNHXVdhnqk.
    Available modes: MAIN OBJS RAW WIZARD.
    Type mode name to switch mode.
    Typing 'help' will always give some help.
    127.0.0.1 MAIN >

    This means your are inside cc shell.

    type RAW and press [ENTER]

    type lock_override and press [ENTER]

    type OBJS and press [ENTER]

    type interface and press [ENTER]

    Now it gets a little tricky. Most setups which has this issue uses an ethernet type WAN, so:

    type ethernet and press [ENTER]

    Here you will have to "select" your WAN interface. To do that:

    type REF_ (this is case sensitive) and press [TAB] two times. It should list all your ethernet type interfaces, like this:

    REF_DefaultInternal[Internal,interface,ethernet]
    REF_IntEthExternaWan[WAN,interface,ethernet]

    On a default configuration system, it should look exactly like this, but don't worry if it doesn't. From that lines, look for the one that contains something like "REF_IntEthExternaWan" or the name of your WAN interface.After you locate the name for your WAN interface from the list, type the rest of the object name (case sensitive). To avoid any typos, you can copy and paste the rest of the object name after REF_.

    For example, provided that your WAN interface is using the default name, you should then complete REF_ with:

    REF_IntEthExt and press [TAB] again.

    That will autocomplete the name for your WAN interface. Then, press [ENTER] again.

    You should get an output iike this:

    'additional_addresses' => [],
    'bandwidth' => 0,
    'comment' => 'Added by installation wizard',
    'inbandwidth' => 100000000,
    'itfhw' => 'REF_ItfEthEth1',
    'link' => 1,
    'mtu' => 576,
    'mtu_auto_discovery' => 1,
    'name' => 'WAN',
    'outbandwidth' => 20000000,
    'primary_address' => 'REF_ItfPri000024',
    'proxyarp' => 0,
    'proxyndp' => 0,
    'status' => 1
    }

    If you do, you are in the right track. Then type:

    mtu_auto_discovery=0 

    and press [ENTER]

    You will get the same output as before, but mind the subtle change on 'mtu_auto_discovery' line, that should now be 0.

    To save, type 

    and press [ENTER]

    this will save your configuration.

    type exit and press [ENTER]

    this will return to the shell.

    After that, fix the MTU in Webadmin and it should not revert to 576 anymore.

    Let me know how it goes.

    Regards - Giovani

  • Thanks, Giovani! That did the trick. I was on the right track, but I must have mistyped the first ("cc") command somehow, because when I tried it earlier, I got a bash command not found error, so I didn't try to go any farther. How do you mistype a two-character command? I don't know, but I somehow managed to do it. Anyway, I followed your instructions and set mtu_auto_discovery to 0. Saved, set the MTU to 1500 (even though the web interface said it already was), rebooted the UTM (not sure if that was necessary but figured it couldn't hurt), and now everything is working again.

    I'm still not sure why the web interface was showing the MTU setting was 1500 (before I applied the latest fix), when it pretty clearly (by the evidence) wasn't. Maybe that was a side-effect of the earlier patch?

  • You can use Giovani's fix directly from the command line...

    I would start in cc to find out the REF_ of the interface you want to change:

    cc
    interfaces
    interfaces@
    exit

    That lets you see the REF_s along with the WebAdmin names of the interfaces.

    Assuming that you found the REF was REF_IntEthExternal, you could issue the command

    cc change_object REF_IntEthExternal mtu_auto_discovery 0

    To check your work:

    cc get_object REF_IntEthExternal

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    I would start in cc to find out the REF_ of the interface you want to change:

    cc
    interfaces
    interfaces@
    exit

    That is largely replaceable with "cc get interfaces"

    A different approach is "cc get_interface_ref_by_hardware <interface>". Example usage "cc get_interface_ref_by_hardware eth0"

     

    Also, out-of-band management was briefly discussed in the past, perhaps it is a topic for the community to revisit.

  • I'm curious as well.

    This new feature has caused problems for us by quarantining emails having the same address in the To: and Cc:, which is arguably incorrect to begin with but only started causing problems after installing UTM 9.407-3.

    When viewing the quarantined message it shows:

    There's also nothing that can be found in the help files about this feature.

    Regards,

    Tjalling Soldaat

  • Is this overview working for you? If i try to open this the last overview stays and nothing happens.

     

    Greets

  • After Update to 9.407-3 (ha-system) I see that on the shell:

     

    <M> gateway:/ # nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    nl80211 not found.
    ....
    ....

     

    ??????

     

    What's wrong there?

  • Ingorad said:

    Is this overview working for you? If i try to open this the last overview stays and nothing happens.

     

    Greets

     

     

    Same thing here, it's not even described in the Online Help ?!

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Alphatec said:

    After Update to 9.407-3 (ha-system) I see that on the shell:

     

    <M> gateway:/ # nl80211 not found.
    nl80211 not found.

     

    What's wrong there?

     

     

    can you post the wireless live log?

     

    UPDATE:

    Also try this thread - do you have AP30s?:

     

    https://community.sophos.com/products/unified-threat-management/f/wireless-security/77476/ap30-unstable-since-9-401

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • We have two AP30 , one AP50 and two AP55

     

    part of the wirless.log:

     

    2016:10:05-08:21:08 A4002D1C8EF0621 hostapd: wlan8: STA 00:61:71:ab:a9:5e IEEE 802.11: associated (aid 1)
    2016:10:05-08:21:08 A4002D1C8EF0621 hostapd: wlan8: STA 00:61:71:ab:a9:5e WPA: pairwise key handshake completed (RSN)
    2016:10:05-08:21:08 A4002D1C8EF0621 awelogger[3165]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="00:61:71:ab:a
    9:5e" status_code="0"
    2016:10:05-08:21:08 A4002D1C8EF0621 awelogger[3165]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="00:61:71:ab:a9:
    5e"
    2016:10:05-08:25:03 192.168.132.2 hostapd: wlan0: STA 4c:66:41:6b:21:de WPA: group key handshake completed (RSN)
    2016:10:05-08:25:03 192.168.132.2 hostapd: wlan0: STA 10:41:7f:07:d2:4f WPA: group key handshake completed (RSN)
    2016:10:05-08:25:03 192.168.132.2 hostapd: wlan0: STA ac:5f:3e:b4:55:04 WPA: group key handshake completed (RSN)
    2016:10:05-08:25:04 192.168.132.2 hostapd: wlan0: STA 38:71:de:5f:6f:db WPA: group key handshake completed (RSN)
    2016:10:05-08:25:04 192.168.132.2 hostapd: wlan0: STA 50:7a:55:1b:5b:c7 WPA: group key handshake completed (RSN)
    2016:10:05-08:25:04 192.168.132.2 hostapd: wlan0: STA 90:60:f1:38:b7:44 WPA: group key handshake completed (RSN)
    2016:10:05-08:25:04 192.168.132.2 hostapd: wlan0: STA ac:5f:3e:4c:ec:12 WPA: group key handshake completed (RSN)
    2016:10:05-08:25:07 192.168.132.2 awelogger[1289]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:2e:60:70" sta="00:61:71:ab:a9:
    5e" reason_code="2"
    2016:10:05-08:25:07 192.168.132.2 awelogger[1289]: id="4102" severity="info" sys="System" sub="WiFi" name="STA disconnected" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:2e:60:70" sta="00:61:71:ab:a9
    :5e"
    2016:10:05-08:25:12 192.168.132.2 hostapd: wlan0: STA 00:61:71:ab:a9:5e IEEE 802.11: deauthenticated due to local deauth request
    2016:10:05-08:25:18 192.168.132.5 hostapd: wlan1: STA 00:17:23:a7:13:0d WPA: group key handshake completed (RSN)
    2016:10:05-08:25:18 192.168.132.5 hostapd: wlan1: STA 00:17:23:a7:0d:e0 WPA: group key handshake completed (RSN)
    2016:10:05-08:28:12 A4002D1C8EF0621 hostapd: wlan8: STA 00:61:71:ab:a9:5e WPA: group key handshake completed (RSN)
    2016:10:05-08:30:08 A4002D1C8EF0621 awelogger[3165]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:9
    8:3e:0c" status_code="0"
    2016:10:05-08:30:08 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: authenticated
    2016:10:05-08:30:08 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: associated (aid 2)
    2016:10:05-08:30:08 A4002D1C8EF0621 awelogger[3165]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:98:3
    e:0c" status_code="0"
    2016:10:05-08:30:12 A4002D1C8EF0621 awelogger[3165]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:98:3
    e:0c" reason_code="2"
    2016:10:05-08:30:16 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: authenticated
    2016:10:05-08:30:16 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: associated (aid 2)
    2016:10:05-08:30:16 A4002D1C8EF0621 awelogger[3165]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:9
    8:3e:0c" status_code="0"
    2016:10:05-08:30:16 A4002D1C8EF0621 awelogger[3165]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:98:3
    e:0c" status_code="0"
    2016:10:05-08:30:20 A4002D1C8EF0621 awelogger[3165]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:98:3
    e:0c" reason_code="2"
    2016:10:05-08:30:21 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: authenticated
    2016:10:05-08:30:21 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: associated (aid 2)
    2016:10:05-08:30:21 A4002D1C8EF0621 awelogger[3165]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:9
    8:3e:0c" status_code="0"
    2016:10:05-08:30:21 A4002D1C8EF0621 awelogger[3165]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:98:3
    e:0c" status_code="0"
    2016:10:05-08:30:25 A4002D1C8EF0621 awelogger[3165]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="KoelleGuest" ssid_id="WLAN0.1" bssid="00:1a:8c:9d:a6:d5" sta="48:74:6e:98:3
    e:0c" reason_code="2"
    2016:10:05-08:30:30 A4002D1C8EF0621 hostapd: wlan8: STA 48:74:6e:98:3e:0c IEEE 802.11: deauthenticated due to local deauth request
    2016:10:05-08:30:51 192.168.132.2 hostapd: wlan0: STA 48:74:6e:98:3e:0c IEEE 802.11: authenticated
    2016:10:05-08:30:51 192.168.132.2 hostapd: wlan0: STA 48:74:6e:98:3e:0c IEEE 802.11: associated (aid 6)
    2016:10:05-08:30:51 192.168.132.2 awelogger[1289]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:2e:60:70" sta="48:74:6e:98:
    3e:0c" status_code="0"
    2016:10:05-08:30:51 192.168.132.2 awelogger[1289]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:2e:60:70" sta="48:74:6e:98:3e:
    0c" status_code="0"
    2016:10:05-08:30:55 192.168.132.2 awelogger[1289]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:2e:60:70" sta="48:74:6e:98:3e:
    0c" reason_code="2"
    2016:10:05-08:30:56 A4002D1C8EF0621 hostapd: wlan0: STA 48:74:6e:98:3e:0c IEEE 802.11: authenticated
    2016:10:05-08:30:56 A4002D1C8EF0621 hostapd: wlan0: STA 48:74:6e:98:3e:0c IEEE 802.11: associated (aid 1)
    2016:10:05-08:30:56 A4002D1C8EF0621 awelogger[2931]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:9d:a6:dd" sta="48:74:6e:9
    8:3e:0c" status_code="0"
    2016:10:05-08:30:56 A4002D1C8EF0621 awelogger[2931]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="KoelleGuest" ssid_id="WLAN0.0" bssid="00:1a:8c:9d:a6:dd" sta="48:74:6e:98:3
    e:0c" status_code="0"
    /var/log/wireless.log lines 4676817-4676860/4676860 (END) nl80211 not found.