I am hoping someone can point me in the right direction.
I am able to easily figure out if a rogue AP is broadcasting our SSID by looking on the WLC under Management -->SNMP --> Trap Logs. The problem is that we have more than just a few WLCs, and trying to look at the logs manually would be impossible.
The message on the WLC looks like this:
The trap that SolarWinds receives looks like this:
The trap that is shown in NPM only shows the SSID. It doesn't look anything like the message on the WLC.
Anyone have any ideas? I need to alert on the message that the WLC shows, especially with the wording Honeypot.
Regretfully the WLC syslogs do not show anything useful.
Thanks in advance for any help.