After a little episode at one of my clients from a wireless hack, and another issue on my own network with a rogue ap and computer plugged in for p2p downloading, I wrote this little application to email whenever an unknown computer (or network device) joins the network. It uses both a scan of the syslog file for any dhcpack as well as ping broadcast to your own network, followed by an arp -a to pick up any static devices too. using a cron to run every 5 minutes, I'll know within a few minutes if anything new is there, and deal with it.
This is also a good basis to add devices to a block list until manually handled (my next step likely) to provide some form of network access control, albeit something affordable to small business.
It pulls the email from your administration settings on the Untangle server directly as well as your IP settings.
Simply rename this file to something appropriate for your system, transfer to your Untangle server and set up a cron job for it at whatever interval you wish.
If you have a large number of systems on your network, you may disable the email on the first run while it builds it's database by finding the 3rd last line "SENDMAIL" and putting a pound symbol to comment it out like "#SENDMAIL". Restore it after the first run and you'll now have a list of the machines on your network by Mac address.
THIS IS A BETA RELEASE. It doesn't make any changes to your system so should have no impact if it doesn't run on your system other than it failing itself.
The email title lists a subject ("currently DSC New Computer" or whatever client site it's at) that also contains the IP and dns name of the computer. The body also contains the mac and a lookup to the IEEE database of MAC manufactures such that I have an idea of what kind of computer or device I'm looking for.
Any questions, email me at dcbour at desktopsolutioncenter dot ca.
Thanks and hope you find it useful.