Network Management

A couple of months ago we allowed AMP (Version 7.6.1) to ssh to our controllers so we can run some of the show commands directly from AMP 

But we recently noticed in the logs that AMP was running show commands by itself every 15 seconds

10.10.10.5 is the AMP server 

May 20 19:58:21 fpcli: USER: admin connected from 10.10.10.5 has logged out.
May 20 19:58:21 fpcli: USER: admin has logged in from 10.10.10.5.
May 20 19:58:21 fpcli: USER:admin@10.10.10.5 COMMAND:<encrypt disable > -- command executed successfully
May 20 19:58:21 fpcli: USER:admin@10.10.10.5 COMMAND:<no paging > -- command executed successfully
May 20 19:58:21 fpcli: USER:admin@10.10.10.5 COMMAND:<show ap provisioning bssid D8:C7:C8:11:22:33 > -- command executed successfully

What scares me the most is that it keeps running the encrypt disable command .

I looked everywhere to see if it is possible to run some sort script from Airwave but I couldn'f find anything .

Is this normal ? Anybody seen this before ?

Thanks

Vic

You'll see encrypt disable whenever AMP logs in to run a command.  In 7.6, AirWave logs into the controller once for each AP during Audit.  That may be the source of the show commands you're seeing.  This is easier proven if you look look at the log, grep for 'show ap provisioning' -> should see bssid MACs vary as you go (not repeating).  Frequency of a bssid MAC appearing should be based on auditing period (unless there were some manual calls given).  In 7.7, the behaviour will change to be a single login per controller instead of per AP.