We have used Splunk which we have monitoring our logs anyway. We
configure Splunk to generate alerts when it sees log entries for known
stolen mac addresses asssociating with the system. We can then go on
site with a hand held tool to find the client device. If the person
with the stolen device is unwise enough to actually log into the system
it's even easier to id them.
-Matt
Lee H Badman wrote:
Unfortunately, we experience the occasional theft of University-owned or
personal laptops. Using Cisco WCS, we can certainly find the last place
a device was, if the wireless adapter was on, before it egressed campus.
What is missing is a mechanism to “flag” a MAC address to alert on a
client device if it pops back up on the network so there may be an
opportunity to react.
Has anyone else faced and conquered alerting on specific clients (for
whatever reason)?
Thanks-
Lee
--
------------------------------------------------------------
Matt Grover === University of Florida
Sr. Network Engineer === http://net-services.ufl.edu
[email protected] === Florida Lambda Rail
(352)273-1061 === http://www.flrnet.org/
------------------------------------------------------------
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
