Getting Data In

Is it possible to monitor if someone plugs in a network cable in the network?

nickbijmoer
Path Finder

Hello,

Is it possible to monitor if someone is plugging a network cable in the network?

0 Karma

hlange
New Member

We use rsyslog and have the network switches logging at the information level, which gives us port up/down status. If or as long as the network cable that is plugged in is also connected to a live network interface, then it would be possible to monitor port up/down status. The downside is that rebooting a system already connected to the network will generate a port down and then a port up message as the system reboots. You could use that port status information to monitor your ports. If you have port security enabled, you could also report on port security violations. Building a dashboard from scratch to show port status information might take some time. You could check to see if there is an app that can do this or a similar task that you could use as a model to build your own app as well.

0 Karma

nickbijmoer
Path Finder

Hmm okey thanks im gonna do some research 🙂

0 Karma

treinke
Builder

Typically you can monitor the switch and look for the link state of the port. If the link state goes from down to up, someone connected something in to that port.

Typically you can send this information to a syslog server and then collect the syslog information in to Splunk.

There are no answer without questions

nickbijmoer
Path Finder

Ahh cool, so I have to setup my switch to send information to a syslog server and then the syslog server can send it to splunk?

0 Karma

treinke
Builder

That is correct. You will need to look how to send the syslog to a collector for your make and model of switches. Also check on the log level of the switch. It might send more information than you want.

As hlange said, check to see if there is a prebuild app or TA for your brand of switch. Typically they help to do the parsing of the logs to help you in understanding what you are getting from the logs.

There are no answer without questions
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...