Getting Data In

How do i set up a dashboard to monitor my home network

jcodjo3
Explorer

I cant use the home monitor app because I have a Zyxel modem from Centurylink.  And I am very new to Splunk.  any ideas on where I can start from in getting data in from my home network would be greatly appreciated.  I have splunk installed on the laptop I want to monitor the smart tv and the xbox, and an additional desktop computer.

Labels (1)
0 Karma

vikramyadav
Contributor

Hey, @jcodjo3 you can tryZyxel firewall Add-on to monitor logs.
https://splunkbase.splunk.com/app/4907/

--------------------------------------------------------

If this helps your like will be appreciated😀

brent_weaver
Builder

Hey there, welcome to the wonderful world of splunk.  The first thing to explore is how to get data in from the devices you want to monitor. For example a quick search on Zylex model tells me that this device can send syslog feed to external syslog server. If this is the case (for this device), you could setup a TCP listening input nnd configure the model to send to the splunk server IP and the port you designate. This procedure will give you more information https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports.

The key to your success is getting as much data in as you can and to make it searchable. By searchable I mean that the data is parsed into key/value pairs so you can easily search on key's (i.e. src_ip=10.5.6.6). Splunk being splunk, they did allot of the work for you so it is well aware of the various types of syslog formats and therefore you don't need to do anything to get it to parse into kv pars. The key to that is that you sourcetype the data feed as syslog, and waaa -laaa splunk does the rest. 

Hope this gives you a good start!

jcodjo3
Explorer

Hello thank you so much for the response. 

I am however a little confused on what source type to select , when going through the input settings. 

I also wanted to ask if I need to access the admin settings on the modem/router ?  

Thank you for the help, its greatly appreciated.

0 Karma

brent_weaver
Builder

If it is a syslog feed select syslog, this will direct splunk to apply the field extractions to make the key value pairs I spoke of earlier.

jcodjo3
Explorer

Should I use a port scanner ? Or is it better to go into my modem and view the ports ? 

0 Karma

brent_weaver
Builder

It depends on what information you are looking to gain. If you only want to know if a port is available then sure use neap and log that output. If you want more detail, such as metrics you will need to stream from the device to Splunk tcp port.  

I should have asked much earlier. What is the goal? Just availability or metrics as well as availability?

 

please know that this should not be difficult to achieve from a Splunk perspective, the wildcard is the device you are trying to log whether It can be logged. 

0 Karma

jcodjo3
Explorer

I believe I can use netstat to locate this information 

0 Karma

brent_weaver
Builder

yes you can assuming you have a transport mechanism from the device to splunk. If you can use a universal forwarder (on a known supported os) you can create a scripted input. This means that the output of the script run gets written into splunk. 

With embedded devices, like I believe yours is, you are probably going to need to write out to splunk using syslog. And it’s unlikely you can run a netstat on it unless you can shell into it and find a way to write to splunk.  Nmap allows you to probe from a central location and you don’t need to be local to the host, just a bash shell So you could have a server that gathers information on the other devices using a scripted input that runs nmap.

hope this helps

0 Karma