3CX DLL-Sideloading attack: What you need to know
I want to manage who is getting on our school WIFI network better than I am. I need to start building whitelist/blacklists of MAC addresses. How can I short list all the devices connected to our network by which network they are connected to?
M
Hi Marvin and welcome to the UTM Community!
Try the following at the command line and let us know if that was what you were looking for:
grep -oP ' ssid_id=".*? status_code' /var/log/wireless.log|sort -n|uniq -c >/home/ssid-mac
Or, to get everything from this February:
zgrep -oP ' ssid_id=".*? status_code' /var/log/wireless/2020/02/*|sort -n|uniq -c >/home/ssid-mac.feb
I suppose there's a way to get that from the logs in WebAdmin, but I haven't tried it.
Cheers - Bob
Looks interesting. I've never used the command line before. Didn't even know there was one, just used the web interface.
Off to learn how to command line the UTM. Feel free to share a link that'll educate a UTM command line noob <grin> so I can try your command.
If you want to use the search routine in WebAdmin, look for lines with ssid_id. Once you have that list, copy it out to a text editor where you can replace some spaces with tabs and then load the edited text into a spreadsheet where you can sort and find which sta MACs are associate with which SSIDs.
What space would I do this in? Where am I gleaning this information from?
I opened the Wireless Protection/Wireless Status/Open Wireless Protection Live Log [button] and let that run for a bit, but it just shows what's happening now... which is just giving me a list of the devices trying to get on that I've not whitelisted.
I also found the clipboard/magnifying glass button to all the live logs, started opening those, trying to guess which one would hold this info and wasn't getting lucky there either.
For example: