Looking at my home network the layer 2 participants in the different VLANs are quite static. As a measure of security I would like be able to acknowledge MAC addresses of clients and give them a tag and/or a name for reference.
In case a new participant appears I would like to get a notification so I can either acknowledge it too or start investigating.
I have been thinking about that for years but I'm not aware of a software targeting that idea. Do you know if there is something like this?
use hotplug to monitor dhcp events ?
yes actually this should be a better system than scanning the entire network
Methods like dhcp/DHCPv6 are unreliable as they might not even be used at all. Everything that's getting into the ARP/NDP table I would like to store persistently alongside a tag / name maybe in UCI. Tags could be "acknowledged" or maybe "rogue" or whatever.
I'm aware this might not be a good fit for those damageable flash devices. I'm running my firewalls on x86, so no problem there.
My first thought was to implement it with prometheus / grafana / alertmanager but I was thinking of something more tightly integrated. Sadly I'm a knewb to lua.
You can use addrwatch package (like old arpwatch but more functional), it is slightly more ocmpact than grafana