So, here is a portion of the output from >show log all | begin "Jul 9 16:"<
Jul 9 16:30:22 authmgr[1531]: <522044> <INFO> |authmgr| MAC=f0:cb:a1:62:98:e0 Station authenticate(start): method=802.1x, role=logon//, VLAN=143/143/0/0/0, Derivation=0/0, Value Pair=1
Jul 9 16:30:22 authmgr[1531]: <522049> <INFO> |authmgr| MAC=f0:cb:a1:62:98:e0,IP=0.0.0.0 User role updated, existing Role=logon/none, new Role=UsrRole-WBSN-Emp1/none, reason=Station Authenticated with auth type: 4
Jul 9 16:30:23 authmgr[1531]: <522036> <INFO> |authmgr| MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
Jul 9 16:30:23 mobileip[1537]: <500010> <NOTI> |mobileip| Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
Jul 9 16:30:23 stm[1300]: <501080> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Denied: AP Ageout
Jul 9 16:30:23 stm[1300]: <501102> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
Jul 9 16:30:23 stm[1300]: <501106> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT handle_sapcp
Jul 9 16:30:23 stm[1532]: <501044> <NOTI> |stm| Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:6f:93 on AP Test-AP-PT
Jul 9 16:30:23 stm[1532]: <501102> <NOTI> |stm| Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
Jul 9 16:30:23 stm[1532]: <501114> <NOTI> |stm| Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason 255
Jul 9 16:30:25 authmgr[1531]: <522035> <INFO> |authmgr| MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
Jul 9 16:30:25 mobileip[1537]: <500010> <NOTI> |mobileip| Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
Jul 9 16:30:25 stm[1300]: <501093> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1300]: <501095> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Assoc request @ 16:30:25.856463: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1300]: <501100> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Assoc success @ 16:30:25.857612: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1300]: <501109> <NOTI> |AP Test-AP-PT@10.64.6.11 stm| Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT auth_alg 0
Jul 9 16:30:25 stm[1532]: <501095> <NOTI> |stm| Assoc request @ 16:30:25.861521: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 stm[1532]: <501100> <NOTI> |stm| Assoc success @ 16:30:25.865616: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
Jul 9 16:30:25 wms[1519]: <316095> <INFO> |wms| Ageing STA 00:23:14:f4:fb:b4
Jul 9 16:30:25 wms[1519]: <316095> <INFO> |wms| Ageing STA d0:23:db:4e:a6:e3
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC 00:23:14:f4:fb:b4 Monitor d8:c7:c8:c9:76:f9
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC 00:23:14:f4:fb:b4 Monitor d8:c7:c8:c9:76:fb
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:da
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:f8
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:76:fb
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:77:06
Jul 9 16:30:25 wms[1519]: <316096> <INFO> |wms| Ageing STA tree node MAC d0:23:db:4e:a6:e3 Monitor d8:c7:c8:c9:77:17
Jul 9 16:30:29 stm[1532]: <400192> <NOTI> |stm| STA 6d:a0:82:11:00:0f at AP 10.64.6.17-d8:c7:c8:17:6d:a0-wsdap24-2-06 5GHz capable.
Jun 7 15:01:52 packetfilter[1381]: PAPI_Send: sendto Configuration Manager failed: No such file or directory Message Code 0 Sequence Num is 2
Jun 7 15:01:53 certmgr[1382]: PAPI_Send: sendto Publisher failed: No such file or directory Message Code 11000 Sequence Num is 2
Jun 7 15:01:53 certmgr[1382]: PAPI_Send: sendto Syslog Manager failed: No such file or directory Message Code 0 Sequence Num is 3
Jun 7 15:01:54 cfgm[1424]: PAPI_Send: sendto License Manager failed: No such file or directory Message Code 0 Sequence Num is 2
Jun 7 15:01:54 syslogdwrap[1436]: PAPI_Send: sendto ESI failed: No such file or directory Message Code 2001 Sequence Num is 2
Jun 7 15:01:55 aaa[1468]: PAPI_Send: sendto User Database Server failed: No such file or directory Message Code 0 Sequence Num is 3
Jun 7 15:01:55 fpapps[1507]: PAPI_Send: sendto License Manager failed: No such file or directory Message Code 0 Sequence Num is 13
Jun 7 15:01:56 wms[1522]: PAPI_Init: timeout of 0 specified set to default 100 millisec.
Jun 7 15:02:00 aaa[1468]: PAPI_Send: To: 7f000001:8344 Type:0x4 Timed out.
Jun 7 15:02:00 syslogdwrap[1436]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:08 nanny[1370]: PAPI_Send: To: 7f000001:8407 Type:0x4 Timed out.
Jun 7 15:02:10 cts[1560]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:13 mobileip[1537]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:13 phonehome[1538]: PAPI_Send: To: 7f000001:8226 Type:0x4 Timed out.
Jun 7 15:02:16 snmp[1543]: PAPI_Send: To: 7f000001:8212 Type:0x4 Timed out.
Jun 7 15:02:16 snmp[1544]: PAPI_Send: To: 7f000001:8212 Type:0x4 Timed out.
As you can see it HAS time stamps BUT the output is mixed up and not in time order. It's nice to have the ability to limit log data to particular types but when I say "all" I expect everything, in order.
Here is the end of today's file on the syslog server (which AFAIK is taking whetever it gets and writing it):
[root@ssdsyslog2 wsdwac1a]# tail -50 wsdwac1a-noacl.log
<501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:30:25.861521: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:30:25.856463: 7c:61:93:a2:38:ff (SN 3029): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:30:25.857612: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:30:25.865616: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<400192> <NOTI> <wsdwac1a 10.64.6.101> STA 6d:a0:82:11:00:0f at AP 10.64.6.17-d8:c7:c8:17:6d:a0-wsdap24-2-06 5GHz capable.
<307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
<501102> <NOTI> <wsdwac1a 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
<501102> <NOTI> <10.64.6.101 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason STA has left and is disassocisted
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
<501106> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT handle_sapcp
<522036> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<501080> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Denied: AP Ageout
<501114> <NOTI> <wsdwac1a 10.64.6.101> Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT Reason 255
<501044> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:6f:93 on AP Test-AP-PT
<501109> <NOTI> <10.64.6.101 10.64.6.101> Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP auth_alg 0
<501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:30:38.029849: 7c:61:93:a2:38:ff (SN 3099): AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:30:38.025352: 7c:61:93:a2:38:ff (SN 3099): AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:30:38.026505: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:30:38.033418: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:71:93 ESSID=Websense VLAN=143 AP-name=Test-AP-DP
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-DP, Websense/d8:c7:c8:17:71:93/g
<307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
<501102> <NOTI> <wsdwac1a 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason STA has left and is disassocisted
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 255.255.255.255: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-DP, Websense/d8:c7:c8:17:71:93/g
<501102> <NOTI> <10.64.6.101 10.64.6.101> Disassoc from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason STA has left and is disassocisted
<522036> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station DN: BSSID=d8:c7:c8:17:71:93 ESSID=Websense VLAN=143 AP-name=Test-AP-DP
<501106> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP handle_sapcp
<501080> <NOTI> <10.64.6.101 10.64.6.101> Deauth to sta: 7c:61:93:a2:38:ff: Ageout AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Denied: AP Ageout
<501114> <NOTI> <wsdwac1a 10.64.6.101> Deauth from sta: 7c:61:93:a2:38:ff: AP 10.64.6.22-d8:c7:c8:17:71:93-Test-AP-DP Reason 255
<501044> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff: No authentication found trying to de-authenticate to BSSID d8:c7:c8:17:71:93 on AP Test-AP-DP
<126037> <WARN> <wsdwac1a 10.64.6.101> |ids| AP(d8:c7:c8:17:6f:90@Test-AP-PT): Station Associated to Rogue AP: An AP detected a client 7c:61:93:a2:38:ff associated to a rogue access point (BSSID 00:0f:24:70:dc:01 and SSID Websense on CHANNEL 1).
<501109> <NOTI> <10.64.6.101 10.64.6.101> Auth request: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT auth_alg 0
<501093> <NOTI> <10.64.6.101 10.64.6.101> Auth success: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:31:02.271924: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:31:02.266518: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:31:02.267924: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:31:02.275477: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<501095> <NOTI> <10.64.6.101 10.64.6.101> Assoc request @ 16:31:02.270617: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<500010> <NOTI> <wsdwac1a 10.64.6.101> Station 7c:61:93:a2:38:ff, 0.0.0.0: Mobility trail, on switch 10.64.6.101, VLAN 143, AP Test-AP-PT, Websense/d8:c7:c8:17:6f:93/g
<501100> <NOTI> <10.64.6.101 10.64.6.101> Assoc success @ 16:31:02.271701: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501095> <NOTI> <wsdwac1a 10.64.6.101> Assoc request @ 16:31:02.279736: 7c:61:93:a2:38:ff (SN 3195): AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<501100> <NOTI> <wsdwac1a 10.64.6.101> Assoc success @ 16:31:02.280531: 7c:61:93:a2:38:ff: AP 10.64.6.11-d8:c7:c8:17:6f:93-Test-AP-PT
<522035> <INFO> <wsdwac1a 10.64.6.101> MAC=7c:61:93:a2:38:ff Station UP: BSSID=d8:c7:c8:17:6f:93 ESSID=Websense VLAN=143 AP-name=Test-AP-PT
<126038> <WARN> <wsdwac1a 10.64.6.101> |ids| AP(d8:c7:c8:17:6f:90@Test-AP-PT): Cleared Station Associated to Rogue AP: An AP is no longer detecting a client 7c:61:93:a2:38:ff associated to a rogue access point (BSSID 00:0f:24:70:dc:01 and SSID Websense on CHANNEL 1).
<307218> <INFO> <wsdwac1a 10.64.6.101> CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
[root@ssdsyslog2 wsdwac1a]#
No timestamps.