aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2018-12-14 12:35:06 +0100
committerGravatar Christian Hesse <mail@eworm.de>2018-12-14 12:35:06 +0100
commiteda89ba64391dc6b41c7d9762656143caad1f77b (patch)
tree37ec10329c411cc89653e1167b67be13413afb6e
parent65283ce76d87f02e1eb47ace91a6c93192c0f108 (diff)
collect-wireless-mac: get and record the vendor
-rw-r--r--collect-wireless-mac.capsman14
-rw-r--r--collect-wireless-mac.local14
-rw-r--r--collect-wireless-mac.template14
3 files changed, 36 insertions, 6 deletions
diff --git a/collect-wireless-mac.capsman b/collect-wireless-mac.capsman
index 46bf7fd..2fd05c4 100644
--- a/collect-wireless-mac.capsman
+++ b/collect-wireless-mac.capsman
@@ -8,6 +8,7 @@
:global "identity";
+:global CertificateAvailable;
:global SendNotification;
:local "place-before" [ / caps-man access-list find where comment="--- collected above ---" disabled ];
@@ -36,8 +37,16 @@
:local interface [ / caps-man registration-table get $regentry interface ];
:local ssid [ / caps-man registration-table get $regentry ssid ];
:local datetime ([ / system clock get date ] . " " . [ / system clock get time ]);
- :local message ("unknown MAC address " . $mac . " (" . $hostname . ") first seen on " . \
- $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
+ :local vendor;
+ :do {
+ $CertificateAvailable "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568";
+ :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \
+ url=("https://api.macvendors.com/" . $mac) output=user as-value ]->"data");
+ } on-error={
+ :set vendor "unknown vendor";
+ }
+ :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \
+ "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
/ log info $message;
/ caps-man access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes;
$SendNotification ($mac . " connected to " . $ssid) \
@@ -46,6 +55,7 @@
"Interface: " . $interface . "\n" . \
"SSID: " . $ssid . "\n" . \
"MAC: " . $mac . "\n" . \
+ "Vendor: " . $vendor . "\n" . \
"Hostname: " . $hostname . "\n" . \
"Address: " . $address . "\n" . \
"Date: " . $datetime);
diff --git a/collect-wireless-mac.local b/collect-wireless-mac.local
index 3416046..d6ece7d 100644
--- a/collect-wireless-mac.local
+++ b/collect-wireless-mac.local
@@ -8,6 +8,7 @@
:global "identity";
+:global CertificateAvailable;
:global SendNotification;
:local "place-before" [ / interface wireless access-list find where comment="--- collected above ---" disabled ];
@@ -36,8 +37,16 @@
:local interface [ / interface wireless registration-table get $regentry interface ];
:local ssid [ / interface wireless get [ find where name=$interface ] ssid ];
:local datetime ([ / system clock get date ] . " " . [ / system clock get time ]);
- :local message ("unknown MAC address " . $mac . " (" . $hostname . ") first seen on " . \
- $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
+ :local vendor;
+ :do {
+ $CertificateAvailable "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568";
+ :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \
+ url=("https://api.macvendors.com/" . $mac) output=user as-value ]->"data");
+ } on-error={
+ :set vendor "unknown vendor";
+ }
+ :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \
+ "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
/ log info $message;
/ interface wireless access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes;
$SendNotification ($mac . " connected to " . $ssid) \
@@ -46,6 +55,7 @@
"Interface: " . $interface . "\n" . \
"SSID: " . $ssid . "\n" . \
"MAC: " . $mac . "\n" . \
+ "Vendor: " . $vendor . "\n" . \
"Hostname: " . $hostname . "\n" . \
"Address: " . $address . "\n" . \
"Date: " . $datetime);
diff --git a/collect-wireless-mac.template b/collect-wireless-mac.template
index 784bfb9..59b2e72 100644
--- a/collect-wireless-mac.template
+++ b/collect-wireless-mac.template
@@ -9,6 +9,7 @@
:global "identity";
+:global CertificateAvailable;
:global SendNotification;
:local "place-before" [ / %PATH% access-list find where comment="--- collected above ---" disabled ];
@@ -38,8 +39,16 @@
:local ssid [ / caps-man registration-table get $regentry ssid ];
:local ssid [ / interface wireless get [ find where name=$interface ] ssid ];
:local datetime ([ / system clock get date ] . " " . [ / system clock get time ]);
- :local message ("unknown MAC address " . $mac . " (" . $hostname . ") first seen on " . \
- $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
+ :local vendor;
+ :do {
+ $CertificateAvailable "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568";
+ :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \
+ url=("https://api.macvendors.com/" . $mac) output=user as-value ]->"data");
+ } on-error={
+ :set vendor "unknown vendor";
+ }
+ :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \
+ "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
/ log info $message;
/ %PATH% access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes;
$SendNotification ($mac . " connected to " . $ssid) \
@@ -48,6 +57,7 @@
"Interface: " . $interface . "\n" . \
"SSID: " . $ssid . "\n" . \
"MAC: " . $mac . "\n" . \
+ "Vendor: " . $vendor . "\n" . \
"Hostname: " . $hostname . "\n" . \
"Address: " . $address . "\n" . \
"Date: " . $datetime);