User Tools

Site Tools


macwatch

This is an old revision of the document!


MAC Watch

MAC Watch acts as watch list of Ethernet MAC addresses. When a MAC address on the watch list appears on the monitored network, MAC Watch will dispatch a macWarning event, which can be subscribed to in your Alert Profile.

This can, for instance, be used for keeping an eye out for stolen hardware being used on your network.

Subscribing to alerts

Alert Profiles doesn't come with a builtin filter for macWarning alerts, but you can easily add a matching filter and filter groups yourself in the Alert Profiles interface.

NAV's default is that any user can subscribe to any alert, but you may wish to change Alert Profiles' authorization setup to limit the set of users who can “legally” subscribe to macWarnings alerts. This may be necessary both for privacy and legal reasons.

How are the watched addresses discovered?

A cron job will run just after mactrace (getBoksMacs) to check for new machine tracker records and dispatch a macWarning alert if necessary.

macwatch.1304944354.txt.gz · Last modified: 2011/05/09 12:32 by morten