Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to monitor if someone plugs in a network cable in the network?

nickbijmoer
Path Finder
‎11-04-2016 05:54 AM

Hello,

Is it possible to monitor if someone is plugging a network cable in the network?

0 Karma
Reply

hlange
New Member
‎11-04-2016 06:35 AM

We use rsyslog and have the network switches logging at the information level, which gives us port up/down status. If or as long as the network cable that is plugged in is also connected to a live network interface, then it would be possible to monitor port up/down status. The downside is that rebooting a system already connected to the network will generate a port down and then a port up message as the system reboots. You could use that port status information to monitor your ports. If you have port security enabled, you could also report on port security violations. Building a dashboard from scratch to show port status information might take some time. You could check to see if there is an app that can do this or a similar task that you could use as a model to build your own app as well.

0 Karma
Reply

nickbijmoer
Path Finder
‎11-04-2016 07:12 AM

Hmm okey thanks im gonna do some research 🙂

0 Karma
Reply

treinke
Builder
‎11-04-2016 06:24 AM

Typically you can monitor the switch and look for the link state of the port. If the link state goes from down to up, someone connected something in to that port.

Typically you can send this information to a syslog server and then collect the syslog information in to Splunk.

There are no answer without questions
Reply

nickbijmoer
Path Finder
‎11-04-2016 06:33 AM

Ahh cool, so I have to setup my switch to send information to a syslog server and then the syslog server can send it to splunk?

0 Karma
Reply

treinke
Builder
‎11-04-2016 07:32 AM

That is correct. You will need to look how to send the syslog to a collector for your make and model of switches. Also check on the log level of the switch. It might send more information than you want.

As hlange said, check to see if there is a prebuild app or TA for your brand of switch. Typically they help to do the parsing of the logs to help you in understanding what you are getting from the logs.

There are no answer without questions
0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...