Getting Data In

Help creating alerts for cameras ping test IP

kruane
Explorer

Hello,

My goal is to create a ping test for several cameras we have onsite. I'm looking for advice on this issue. We are using a software called Genetec for our cameras (not sure if this can be integrated with Splunk nor if it is completely necessary). 

Details:

Currently I have Splunk Cloud (3 on-premise Hosts AWS)

Cameras that connect to a physical router at our office.

I have access to the physical router used by the cameras. 

Private IPs within a VLAN. 

I have access to the cameras' private IPs and can ping them when connected to our VPN. 

Genetec software used for our cameras. 

Goals:

Create Alerts when the cameras go down via a ping test.

Possibly create a dashboard showing each's camera's availability (meaning if it is on or off)

 

Labels (1)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

Firstly, I don't understand what you mean by "Splunk Cloud (3 on-premise Hosts AWS)".

But that's not important that much at the moment.

What is important is that you understand that Splunk works on events. Those events must be somehow generated and provided to Splunk for ingestion.

So you must have some way to ping those cameras, capture ping output and send it to splunk. Only then Splunk as such can act on the data it will have received.

Splunk on its own is not a monitoring solution in the sense Nagios or Zabbix are.

0 Karma

kruane
Explorer

Thank you for your response!

Is there a way to ingest data directly from the router being used by the cameras? Curious of how that setup works. Will the ingested data from the router create events, that are then workable into creating a "failed to ping" Alert. 

We have Splunk Cloud. Our UF, Heavy Forwarder that feeds Splunk Cloud lives in an AWS account that we have. We recently moved from Enterprise to Cloud. 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

You might be able to ingest events from the router, depending on the router. Typically you'd configure syslog export on the router and receive syslog on a forwarder (even better - use intermediate syslog processing layer, but your installation might be too small for it to make sense). But the router typically creates events pertaining to its internal workings, authentication, audit and so on. You'd still need some kind of automation to ping those hosts. Routers typically don't go pinging around all neighbours just because 😄

kruane
Explorer

Wait a second...sorry to bug you again and I'm super appreciative to your feedback. A thought occurred to me. If the data from the router is ingested to Splunk, wouldn't that data be able to suggest what ports are down and up? It might not be a ping test to the camera, but it would show a connectivity issue, which I then could create Alerts on. 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

If your router can send an event on port state change - that could be used for alerting.

But it's a question about the router itself, not about splunk 🙂

0 Karma

kruane
Explorer

The other step for me is to actually view Genetec. I don't have access at this moment. It definitely has configurations that are not being utilized, like ping testing to verify if the camera is up and running (from what I've read). Still, I'd like to be able to bring that data to Splunk for easy viewing for management. Create Reports, Alerts or a dashboard on the current state of the cameras. So I'll check and see if ingesting data from Genetec is feasible. 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...