All Apps and Add-ons

Splunk for Asset Discovery: How Can I get the MAC address?

rbacon
Path Finder

After trying several NMAP command line options, including "nmap -A", it appears that Asset Discovery script does not capture the MAC address of scanned machines on the network. How can I get it using this Splunk App?

Thanks!

0 Karma
1 Solution

mw
Splunk Employee
Splunk Employee

The app scripted input injects a -oG argument in order to force greppable output format. Unfortunately, that output format doesn't support outputting Mac addresses (for whatever reason). So, you'd need to modify the script and then create the necessary configs to deal with the other format. Certainly all possible, but at that point there's not a ton of use for this particular app.

View solution in original post

bbiandov
Path Finder

I've been struggling with this too so guess what sludgy way of solving this worked for me 🙂

cron job: LOL

*/5 * * * * /usr/bin/snmpbulkwalk -v 2c -c public@1 -OXsq 192.168.248.5 .1.3.6.1.2.1.17.4.3.1.2 >> /home/splunk/vlan1.txt

Then monitor the log via the universal splunk forwarded and that's how the data gets into splunk. Sad I know ...

0 Karma

mw
Splunk Employee
Splunk Employee

The app scripted input injects a -oG argument in order to force greppable output format. Unfortunately, that output format doesn't support outputting Mac addresses (for whatever reason). So, you'd need to modify the script and then create the necessary configs to deal with the other format. Certainly all possible, but at that point there's not a ton of use for this particular app.

View solution in original post

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!