Solved: Detecting removable media

malex27 · ‎08-26-2013

I need to detect when a removable media (USB stick, CD, external disks, ...) is attached or detached to our Linux servers.

Anyone implemented it?

Thanks
Alessio

rturk · ‎08-26-2013

Hi Malex27,

Typically, linux will write an entry into:
/var/log/messages

Whenever a USB device is plugged in or removed from the server. You can configure this to be manually monitored via a monitor stanza in your inputs.conf.

Alternatively, you can use the Splunk for Unix & Linux app to monitor the file and send the data to an Indexer for the purposes of reporting.

Hope this helps 🙂

View solution in original post

rturk · ‎08-26-2013

Hi Malex27,

Typically, linux will write an entry into:
/var/log/messages

Whenever a USB device is plugged in or removed from the server. You can configure this to be manually monitored via a monitor stanza in your inputs.conf.

Alternatively, you can use the Splunk for Unix & Linux app to monitor the file and send the data to an Indexer for the purposes of reporting.

Hope this helps 🙂

malex27 · ‎08-30-2013

Thanks R.Turk,

I guess the first one is the simpler way, I just need to figure out the search patterns.

Detecting removable media

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)