Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > User Device Tracker (UDT) > UDT Administrator Guide > Common tasks with SolarWinds UDT > See Rogue Endpoint connections in real-time

See Rogue Endpoint connections in real-time

Table of contents
No headers
Created by Steven Bansil_ret, last modified by Steven Bansil_ret on Jan 20, 2017

Views: 49 Votes: 0 Revisions: 2

Scenario: White List is set up but you want real-time or near real-time alerts when a rogue device connects to the network.

Set up your devices to send connection-related traps to the UDT server. UDT checks the database for trap-related information at set intervals. If an endpoint connects to a UDT device, and the endpoint is not on the White List, UDT posts an alert in the Web Console.

  • The following instructions are for Cisco devices only.
  • You can remove device configurations by running a given command with no in front of it. For example, no set logging server ip_address removes that target from the remote logging stream.

To enable your Cisco devices to send trap messages:

  1. Open a command line in config mode on your device.
  2. Execute the commands from the examples, changing the IP address to match your UDT server.

    Traps (IOS)

    snmp-server host 10.110.68.33 public config

    snmp trap mac-notification change added

    snmp trap mac-notification change removed

    Traps (CatOS)

    set snmp trap 10.110.68.33 public config

    snmp trap mac-notification change added

    snmp trap mac-notification change removed

  3. Open the UDT Settings on the UDT server (Settings > UDT Settings).
  4. Click Advanced Settings.
  5. Enter a value (in seconds) under MAC Notification Processing Inverval for the frequency with which you want UDT to check for new trap messages.
  6. Click Save.
  • To verify your setup, connect a device to the network that is not on the UDT White List.
  • Wait for the time you allotted in Step 5, and then check the Active Alerts and All Triggered Alerts resource for an entry that shows the MAC address of the device you just connected.
 
Last modified

Tags

Classifications

Public