Monitoring network traffic on a sub-net

gtrapp
New Member

I'd like to monitor network traffic on a sub-net with ~ 10 hosts. This is a remote office with no server and I can get to the network via a frame-relay connection. I cannot modify any settings on the frame-relay router and the switch in this office is not manageable. I'm trying to get Splunk Ver 4.2.4 to do this but am having trouble. Is there a step-by-step to setting this up?

Thanks in advance.

0 Karma

gtrapp
New Member

I'm basing my question on this link: "Free Network Monitoring / www.splunk.com/Network_Monitoring / Monitor Your Network for slow or failing components. Free Download!" which Splunk is advertising on Google search pages.
From the download page and some of the questions I reviewed (before installing the product) it seemed like I could capture network traffic and then easily analyze it in Splunk. I've tried capturing network traffic through a TCP/IP connection but that doesn't seem to work.

0 Karma

Ayn
Legend

I haven't seen the ads so I don't know what they're claiming. You cannot use Splunk to directly capture network traffic.

0 Karma

Ayn
Legend

What exact role are you expecting Splunk to have in this? Splunk does not in itself have any network monitoring capabilities. Sure, you could build something that records network data and feeds it to Splunk in non-binary format; Splunk will happily index anything resembling text data. Your issue seems to have more to do with how to get the monitoring going rather than what to do with the data in Splunk once it's there, though. As such I'm fairly sure there is no step-by-step guide for you to follow, but if you elaborate a bit more on what you would like Splunk to do in your setup we can take it from there.
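The "record network data and feed it to Splunk as text" approach from the reply above, as an added example that is not from the thread or from Splunk: a Python script that converts a classic libpcap capture file into timestamped key=value lines that could be written to a file Splunk monitors. The field names, the function names and the one-packet sample capture are assumptions constructed for illustration.

```python
import socket
import struct
from datetime import datetime, timezone

PROTOS = {6: "tcp", 17: "udp"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, microsecond timestamps

def pcap_to_events(data):
    """Turn a classic pcap capture (Ethernet link type) into key=value text lines."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    events, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip frames that are truncated or are not IPv4 over Ethernet II (ARP, IPv6, ...)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        ts = datetime.fromtimestamp(ts_sec, timezone.utc).strftime("%Y-%m-%dT%H:%M:%S") + ".%06dZ" % ts_usec
        line = f"{ts} src_ip={src} dest_ip={dst} proto={PROTOS.get(proto, proto)} bytes={orig_len}"
        l4 = frame[14 + ihl:14 + ihl + 4]     # first 4 bytes of TCP/UDP hold the two ports
        if proto in PROTOS and len(l4) == 4:
            sport, dport = struct.unpack("!HH", l4)
            line += f" src_port={sport} dest_port={dport}"
        events.append(line)
    return events

def sample_pcap():
    """Constructed one-packet capture: 192.0.2.10:51000 -> 192.0.2.1:80 over TCP."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1"))
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = eth + ip + tcp
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1322000000, 250000, len(frame), len(frame))
    return hdr + rec + frame

if __name__ == "__main__":
    for event in pcap_to_events(sample_pcap()):
        print(event)
```

The capture itself still has to come from a host that can see the traffic; on an unmanaged switch with no mirror port, that is the part Splunk cannot solve.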
