Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to monitor if someone plugs in a network cable in the network?

nickbijmoer
Path Finder
‎11-04-2016 05:54 AM

Hello,

Is it possible to monitor if someone is plugging a network cable in the network?

0 Karma
Reply

hlange
New Member
‎11-04-2016 06:35 AM

We use rsyslog and have the network switches logging at the information level, which gives us port up/down status. If or as long as the network cable that is plugged in is also connected to a live network interface, then it would be possible to monitor port up/down status. The downside is that rebooting a system already connected to the network will generate a port down and then a port up message as the system reboots. You could use that port status information to monitor your ports. If you have port security enabled, you could also report on port security violations. Building a dashboard from scratch to show port status information might take some time. You could check to see if there is an app that can do this or a similar task that you could use as a model to build your own app as well.

0 Karma
Reply

nickbijmoer
Path Finder
‎11-04-2016 07:12 AM

Hmm okey thanks im gonna do some research 🙂

0 Karma
Reply

treinke
Builder
‎11-04-2016 06:24 AM

Typically you can monitor the switch and look for the link state of the port. If the link state goes from down to up, someone connected something in to that port.

Typically you can send this information to a syslog server and then collect the syslog information in to Splunk.

There are no answer without questions
Reply

nickbijmoer
Path Finder
‎11-04-2016 06:33 AM

Ahh cool, so I have to setup my switch to send information to a syslog server and then the syslog server can send it to splunk?

0 Karma
Reply

treinke
Builder
‎11-04-2016 07:32 AM

That is correct. You will need to look how to send the syslog to a collector for your make and model of switches. Also check on the log level of the switch. It might send more information than you want.

As hlange said, check to see if there is a prebuild app or TA for your brand of switch. Typically they help to do the parsing of the logs to help you in understanding what you are getting from the logs.

There are no answer without questions
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...