Getting Data In

Is it possible to monitor if someone plugs in a network cable in the network?

nickbijmoer
Path Finder

Hello,

Is it possible to monitor if someone is plugging a network cable in the network?

0 Karma

hlange
New Member

We use rsyslog and have the network switches logging at the information level, which gives us port up/down status. If or as long as the network cable that is plugged in is also connected to a live network interface, then it would be possible to monitor port up/down status. The downside is that rebooting a system already connected to the network will generate a port down and then a port up message as the system reboots. You could use that port status information to monitor your ports. If you have port security enabled, you could also report on port security violations. Building a dashboard from scratch to show port status information might take some time. You could check to see if there is an app that can do this or a similar task that you could use as a model to build your own app as well.

0 Karma

nickbijmoer
Path Finder

Hmm, okay, thanks. I'm gonna do some research 🙂

0 Karma

treinke
Builder

Typically you can monitor the switch and look for the link state of the port. If the link state goes from down to up, someone connected something into that port.

Typically you can send this information to a syslog server and then collect the syslog information into Splunk.

There are no answer without questions

nickbijmoer
Path Finder

Ahh cool, so I have to set up my switch to send information to a syslog server and then the syslog server can send it to Splunk?

0 Karma

treinke
Builder

That is correct. You will need to look up how to send the syslog to a collector for your make and model of switches. Also check on the log level of the switch. It might send more information than you want.

As hlange said, check to see if there is a prebuilt app or TA for your brand of switch. Typically they help to do the parsing of the logs to help you in understanding what you are getting from the logs.

There are no answer without questions
0 Karma
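The link up/down approach from the answers above, as an added example that is not code from any poster in this thread: it parses switch syslog lines and separates a link-up that follows a recent link-down on the same port (the reboot case hlange mentions) from a link-up on a port that was idle. The Cisco IOS-style message format, the sample lines, and the five-minute window are assumptions; adjust the regex for your switch vendor.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (assumed Cisco IOS-style format, not from the thread).
SAMPLE = """\
2024-03-01T08:00:05 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
2024-03-01T08:01:10 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
2024-03-01T09:30:00 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
2024-03-01T10:00:00 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
2024-03-01T13:00:00 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
"""

LINK_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+%LINK-\d-UPDOWN: "
    r"Interface (?P<port>\S+), changed state to (?P<state>up|down)\s*$"
)


def classify_link_events(lines, reboot_window=timedelta(minutes=5)):
    """Return (timestamp, host, port, verdict) for every link-up event.

    verdict is "reboot-or-flap" when the same port went down no more than
    reboot_window before coming up, otherwise "new-link".
    """
    last_down = {}  # (host, port) -> time of the most recent link-down
    findings = []
    for line in lines:
        m = LINK_RE.match(line)
        if not m:
            continue  # not a link-state message
        ts = datetime.fromisoformat(m["ts"])
        key = (m["host"], m["port"])
        if m["state"] == "down":
            last_down[key] = ts
            continue
        # Link came up: was there a matching link-down shortly before?
        down_at = last_down.pop(key, None)
        quick = down_at is not None and ts - down_at <= reboot_window
        verdict = "reboot-or-flap" if quick else "new-link"
        findings.append((m["ts"], m["host"], m["port"], verdict))
    return findings


if __name__ == "__main__":
    for finding in classify_link_events(SAMPLE.splitlines()):
        print(*finding)
```

The "new-link" events are the ones worth alerting on or correlating with port security violations; the same down-then-up pairing can be expressed in a Splunk search once the fields are extracted.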