Solved: Splunk for Asset Discovery: How Can I get the MAC ...

rbacon · ‎01-29-2015

After trying several NMAP command line options, including "nmap -A", it appears that Asset Discovery script does not capture the MAC address of scanned machines on the network. How can I get it using this Splunk App?

Thanks!

mw · ‎01-29-2015

The app scripted input injects a -oG argument in order to force greppable output format. Unfortunately, that output format doesn't support outputting Mac addresses (for whatever reason). So, you'd need to modify the script and then create the necessary configs to deal with the other format. Certainly all possible, but at that point there's not a ton of use for this particular app.

View solution in original post

bbiandov · ‎04-20-2016

I've been struggling with this too so guess what sludgy way of solving this worked for me 🙂

cron job: LOL

*/5 * * * * /usr/bin/snmpbulkwalk -v 2c -c public@1 -OXsq 192.168.248.5 .1.3.6.1.2.1.17.4.3.1.2 >> /home/splunk/vlan1.txt

Then monitor the log via the universal splunk forwarded and that's how the data gets into splunk. Sad I know ...

mw · ‎01-29-2015

The app scripted input injects a -oG argument in order to force greppable output format. Unfortunately, that output format doesn't support outputting Mac addresses (for whatever reason). So, you'd need to modify the script and then create the necessary configs to deal with the other format. Certainly all possible, but at that point there's not a ton of use for this particular app.

RMcCurdyDOTcom · ‎08-17-2023

I used XtremeNmapParser to convert the xml to JSON and then used HEC to send it all to Spunk!

https://github.com/xtormin/XtremeNmapParser/issues/1

Splunk for Asset Discovery: How Can I get the MAC address?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?