NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
I noticed when sending syslog from the WAX's to our syslog server (in this case a Wazuh SIEM installation) that there's some issues. First issue, it's hard to differentiate the syslog coming from...
Explained forth and back before, the possible options (and potential drawback where you can no longer use just the IP address or just the unqualified hostname - making the use the full FQDN mandatory) have been described -> https://community.netgear.com/discussions/business-wireless-for-business/wax610-how-to-send-hostname-with-syslog/2227670/replies/2227715
Hmm, so it is possible to get the FQDN in the logs, but it is cumbersome...
That's interesting. It's not the info our supplier got from their Netgear contact... they said to raise a feature request here.
What is certainly coming from the WAX6xx or WAC5xx with the syslog messages is -always - the IP address on the LAN.
Cumbersome is that once you define the FQDN, that the AP does require either using the FQDN (https:// hostname.domain.....) for accessing the local WebUI - unless you are using Netgear Insight. It's apparently a port of some (unknown to me) design, probably inherited from the open source platform these APs are built on.
In case the hostname field should be really empty as part of the AP generated syslog message (read neither an IP address nor a FQDN of configured) on the WAX618 there might be possibly a bug - the LAN IP address is certainly provided, pure hostname isn't an option as it's poorly identifying the specific device IMHO.
Don't own one of these 618, so not fancy buying such APs for reproducing some uncertain issues.
Just yet another Community Member here, but having designed, implemented, and deployed large scale data collectors for various multi vendor systems long time before syslog become some de-facto standard, where we had started 45 years ago already. Mind you, there are many other platforms which are not U**x based, so no syslog ...
Sorry,
-Kurt.
I don't see an ip address in these logs, that would also suffice for me as well.
Maybe because these access points are also tied to Insight? The sending/receiving happens local though. (log server is also local).
If there was API for Insight I might would have used that instead of syslog.. but there isn't.