Education

Reply
Regular Contributor I

Looking for IP/MAC/user/timestamp/session_duration in a single syslog entry

Hi all,
I looking for a way to get IP/MAC/user/timestamp/session_duration in a single syslog entry. This request is for law enforcement (camous police. RIAA, DMCA, etc.) who provides us only with an IP address and a timestamp.
I see that I can get IP/MAC/user/timestamp in a single syslog entry once the user session ends (de-auth):
Sep 21 13:51:07 2007 authmgr: <522010> |authmgr| MAC=11:22:33:44:55:66 IP=128.119.123.456 User de-authenticated: name=mdickson, cause=admin reset
is there a way that a syslog entry can be created when the user authenticates (initializes) the session as well?
Is there a way to see session duration at a glance without having to calculate (especially hard when session spans a day)
I tried setting logging levels to DBUG but this did not give us this info, plus it logged passwors in clear text on the syslog server so we had to pare this back to Informational.
Thanks in advance,
Mike Dickson
Network Analyst
University of Massachusetts Amherst
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: