Author Topic: New Device Alert (Read 9090 times)

nmiller0113 · « **on:** July 15, 2017, 10:26:58 am »

I recently moved from Untangle to opnsense. Everything is running great but I cannot seem to figure out a good way to get alerts when new devices appear on my internal network(s). I like to be aware of new connections so I know if someone new jumped on my wireless or connected to my LAN. It's just for the sake of knowing and making sure it's legit and not some rogue device. Untangle had an easy way of doing this, and I understand that opnsense is a completely different platform and I'm not necessarily looking for an as easy solution...just *a* solution...either using what's part of the platform by default or through the use of an additional features. Either works for me, I just want to be able to get an email every time a device, not previously known or on the network, connects. Thanks!

MasterXBKC · « **Reply #1 on:** July 16, 2017, 02:47:43 am »

I could make this work for you, i have built a number of tool for pfsense and opnsense.

nmiller0113 · « **Reply #2 on:** July 17, 2017, 08:14:43 pm »

Awesome! How hard would it be to create?

Micky · « **Reply #3 on:** July 17, 2017, 08:39:39 pm »

You could use a raspberry with nmap-skript, too. If unknown Clients were found you can send a pushover-message or mail ...

Gr. Micky

beren · « **Reply #4 on:** October 08, 2019, 05:43:04 pm »

I know this is old, but has anyone come up with an easy solution? It would be really nice if it could use the dhcp static lease file as filter as well, so known devices don't get logged.

Mark1 · « **Reply #5 on:** October 17, 2019, 05:09:35 pm »

Hi,

is it to trivial or is there simply no solution to receive an email on new devices?

I would really appreciate a short feedback whether it is possible or not.

Thanks,

Mark

chemlud · « **Reply #6 on:** October 17, 2019, 06:02:19 pm »

I don't know an easy way to make the DHCP server send an email for every new (!) lease. Would be interesting for other functions (IDS), too...

If you want to hand down IPs on your network manually (reserved for MAC) this can be done quite easily.

mimugmail · « **Reply #7 on:** October 17, 2019, 08:19:40 pm »

You can try to install arpwatch via ports

Mark1 · « **Reply #8 on:** October 22, 2019, 12:13:32 pm »

Thank you.
Conclusion, with the standard opnsense release a new device alert is not possible.

Interesting fact as the first question from the GDPR guy was how we get notified on new devices.

hbc · « **Reply #9 on:** October 22, 2019, 12:18:06 pm »

What about new devices not using your gateway?

I would try switch port security and block unknown devices on access layer --> 802.1x.
New devices have to request a computer certificate in IT dept.

mimugmail · « **Reply #10 on:** October 22, 2019, 01:11:40 pm »

Quote from: hbc on October 22, 2019, 12:18:06 pm

What about new devices not using your gateway?

I would try switch port security and block unknown devices on access layer --> 802.1x.
New devices have to request a computer certificate in IT dept.

Indeed a way better solution

mimugmail · « **Reply #11 on:** January 03, 2022, 03:45:06 pm »

There is now one

https://forum.opnsense.org/index.php?topic=20827.msg126436#msg126436

Author Topic: New Device Alert (Read 9090 times)

nmiller0113

New Device Alert

MasterXBKC

Re: New Device Alert

nmiller0113

Re: New Device Alert

Micky

New Device Alert

beren

Re: New Device Alert

Mark1

Re: New Device Alert

chemlud

Re: New Device Alert

mimugmail

Re: New Device Alert

Mark1

Re: New Device Alert

hbc

Re: New Device Alert

mimugmail

Re: New Device Alert

mimugmail

Re: New Device Alert