No alert if a device connects to network and then disconnects before the next interval

[iptvcld]

No alert if a device connects to network and then disconnects before the next interval - this device can be missed and wont know that activity every happened

[leiweibau]

Yes, this is possible in principle. If there is no major interaction in the network (DHCP leases, or queries to the DNS server), then this can happen in individual cases. To reduce this window, the interval in which the network is scanned could be reduced, but then again there may be overlapping scans or "locked" databases.

[iptvcld]

Hmm ok thanks, I have pfsense as my router and have even tried looking something for that to notify me as soon as a new device gets a IP. But nothing really good I can find. Arpwatch is not the best. Then I geared towards UniFi as I am using that for my switches and AP but seems like with UniFi it will always a pooling effect instead of an instant trigger based on an action.

[leiweibau]

No, unfortunately I cannot offer a connection to the network as a trigger. This would have to be done by the device with which the connection is established.

[iptvcld]

If I adjust the interval to 5 seconds, what do you think the impacts that can cause for the UniFi controller

Also is there a way to report on disconnected devices (offline) new devices? So that way if a device did come online between the interval and then disconnected from the network, that device still should be in the not action section in UniFi. And it would be neat for this package to be able to report on those as well and an alert for those types can be something like “New device detected but is found to be offline”

[leiweibau]

The bigger problem may be that the database is locked. Even if you switch off everything else (ARP scan, rouge DHCP detection, web service and ICMP monitoring), I personally would not go below 30s. I can't say to what extent the Unifi system causes problems. However, a few GUI elements are hard-coded to the 5min interval, which then display the wrong things (next scan countdown)

So that way if a device did come online between the interval and then disconnected from the network, that device still should be in the not action section in UniFi.

As I said above, I don't have a Unifi system and can't comment on the nature of the data coming in via the import. Here I kindly had help with the implementation. What I can say, however, is that the entire stack, with the session creation, the presence view and the notifications, is designed to "process" "active" devices, i.e. the scan results assume that all devices found are "active". The only exception that I am aware of here is the use of the Pihole DB in Pi.Alert. Here, however, other problems occur, such as hosts appearing which have not existed for a long time and which are always recognized again after deletion.

[iptvcld]

Thanks again for the review, my search continues to see if perhaps I can find something that will attach to pfsense itself and watch for the DHCP logs which can trigger when something new comes in.

[leiweibau]

There is already a Python library that allows access to pfsens. If you could recommend me a good tutorial to install pfsens e.g. in a VM, I could maybe set up a test system to work on an importer.

[leiweibau]

An alternative was found.