Getting Data In

Splunk network monitoring

perfecto25
Path Finder

Hello, I am trying to figure out how we can use Splunk to monitor and report on our network,

specifically I need to catch network errors for things like,

  1. dropped packets or connections
  2. any kind of network error
  3. blockage by firewall or switch ACL
  4. any other form of connection data

I tried Splunk Stream, which gives us a lot of data of general chatter and bandwidth info, but it's not very useful for detecting network errors or troubleshooting problems.

Is there an app or examples on how to set something like this up? Thanks.

0 Karma

NetFlow_Logic
Contributor

You may need to collect the following data in Splunk:

> dropped packets or connections
> any kind of network error

You can get this information from SNMP polling/traps or sFlow counters or certain NetFlow/IPFIX records.

> blockage by firewall or switch ACL

syslogs or NetFlow data

> any other form of connection data

NetFlow, sFlow, IPFIX

We are a Splunk partner and we provide all this data (except syslog, which is natively ingested by Splunk) with our product - NetFlow Optimizer.

Try it for free by visiting https://www.netflowlogic.com/download/

0 Karma

solarboyz1
Builder

Splunk is a data tool; for it to help you with those issues, you would need to provide the information required to identify the issue.

> specifically I need to catch network errors for things like,
>
>   1. dropped packets or connections

You will need to define what you mean here; packets are dropped on networks all the time.

>   2. any kind of network error
>   3. blockage by firewall or switch ACL
>   4. any other form of connection data

0 Karma

solarboyz1
Builder

What I meant to say:

  1. dropped packets or connections
  2. any kind of network error
  3. blockage by firewall or switch ACL
  4. any other form of connection data

Configure switches/routers/firewalls to syslog to your Splunk instance.
Install the appropriate apps for the network devices used.

You can install streams and capture the metadata, or configure netflow collectors and send to streams.
All depends on what you have available and what you are trying to do.

But getting the logs from your network devices is probably a good first step and will meet many if not all of your needs.

0 Karma
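As an added example (not code from the thread or from Splunk), here is the kind of detection logic the device-syslog approach above leads to: a small Python parser run over constructed sample syslog lines, modelled on common Cisco ASA and IOS message formats, that sorts them into the asker's categories of firewall blocks, switch ACL denies and link-down errors and rolls them up the way a `stats count by host, src, dst, dport` search would once the same regexes are configured as Splunk field extractions. The sample lines, hostnames and addresses are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not real traffic), modelled on common Cisco
# ASA / IOS message formats, standing in for what switches, routers and
# firewalls would send to a Splunk syslog input such as [udp://514].
SAMPLE_SYSLOG = [
    'Jan 10 10:01:02 fw01 %ASA-4-106023: Deny tcp src inside:10.1.1.5/51234 dst outside:203.0.113.7/443 by access-group "inside_in"',
    'Jan 10 10:01:05 sw02 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.9(4321) -> 10.2.2.2(22), 1 packet',
    'Jan 10 10:01:09 rtr01 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down',
    'Jan 10 10:01:11 fw01 %ASA-6-302013: Built outbound TCP connection 1234 for outside:203.0.113.7/443 to inside:10.1.1.5/51236',
    'Jan 10 10:01:15 fw01 %ASA-4-106023: Deny udp src inside:10.1.1.5/5353 dst outside:198.51.100.4/53 by access-group "inside_in"',
]

# One pattern per category from the question. In Splunk these same regexes
# would be field extractions in props.conf/transforms.conf, or an inline rex.
PATTERNS = {
    "firewall_block": re.compile(r"%ASA-\d-106\d{3}: Deny (?P<proto>\w+) src \S+:(?P<src>[\d.]+)/\d+ dst \S+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    "acl_block": re.compile(r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) (?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"),
    "link_down": re.compile(r"%LINEPROTO-5-UPDOWN: Line protocol on Interface (?P<iface>\S+), changed state to down"),
}


def classify(line):
    """Return (category, fields) for a syslog line, or (None, {}) for ordinary
    chatter such as a successful 'Built connection' message."""
    host = line.split()[3]  # BSD-style syslog: "Mon DD HH:MM:SS host message"
    for category, pattern in PATTERNS.items():
        m = pattern.search(line)
        if m:
            fields = m.groupdict()
            fields["host"] = host
            return category, fields
    return None, {}


def summarize(lines):
    """Count blocked flows per (host, src, dst, dport) and link-down events per
    (host, interface); the equivalent of a 'stats count by' rollup in SPL."""
    blocks, link_down = Counter(), Counter()
    for line in lines:
        category, f = classify(line)
        if category in ("firewall_block", "acl_block"):
            blocks[(f["host"], f["src"], f["dst"], f["dport"])] += 1
        elif category == "link_down":
            link_down[(f["host"], f["iface"])] += 1
    return blocks, link_down
```

Feeding real device syslog through the same two functions shows which of the four requested categories the existing logs already cover before any Stream or NetFlow collection is added.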