I just configured an SNMP-Trap on an RHEL box to send to Splunk. Getting the following output:
Agent Hostname: (hostname) \N Date: 5 - 8 - 8 - 9 - 6 - 4461316
CISCO-LWAPP-AP-MIB::cLApRogueApMacAddress.0 = STRING: 0:d:67:83:2a:f2
Is there a way to correct the date format to show a proper time?
I want to make rogue AP detections actionable, it seems that the format tosses the first hex of the mac address onto the ApRogueApMacAddress itself (the .0 prior to string value)
Using the following format options:
format2 %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J - %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n Description: %W \n PDU Attribute/Value Pair Array:\n%v \n -------------- \n
... View more