Hi guys,
I'm new to splunk and searching for a solution to count the active wireless lan clients in my network.
I'm using openwrt accesspoints with syslog output.
A message of an authenticated clients looks like the following:
Jan 26 13:59:03 192.168.0.11 Jan 26 13:59:03 hostapd: wlan0-2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: authenticated
A message of an deauthenticated client looks like the following:
Jan 26 14:02:47 192.168.0.11 Jan 26 14:02:47 hostapd: wlan0-2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
How can I count all clients / MAC-Addresses that got the last message authentication and no previous deauthentication?
Thanks a lot!
... View more