Difference between revisions of "Arpwatch"

From Notes_Wiki
m
m
Line 8: Line 8:
# To configure mail edit the file /etc/sysconfig/arpwatch.
# To configure mail edit the file /etc/sysconfig/arpwatch.
#:<pre>
#:<pre>
#::  OPTIONS="-u arpwatch -e saurabh@sbarjatiya.com -s 'root (Arpwatch)'"
#::  OPTIONS="-u arpwatch -e saurabh@example.com -s 'root (Arpwatch)'"
#:</pre>
#:</pre>
# service arpwatch start
# service arpwatch start

Revision as of 13:48, 20 May 2021

<yambe:breadcrumb>Monitoring_tools|Monitoring tools</yambe:breadcrumb>

arpwatch

Basic arpwatch configuration can be done using following steps:

  1. yum -y install arpwatch
  2. chkconfig --level 345 arpwatch on
  3. To configure mail edit the file /etc/sysconfig/arpwatch.
    OPTIONS="-u arpwatch -e saurabh@example.com -s 'root (Arpwatch)'"
  4. service arpwatch start

In case instead of mail if syslog is preferred than use following config lines instead

  OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"

Log activity can be monitored using: tail -f /etc/log/messages

Steps contributed by Krati Jain. Refer http://www.tecmint.com/monitor-ethernet-activity-in-linux/


Configure ARPWatch to support multiple interfaces

To configure ARPWatch for supporting multiple interfaces replace /etc/init.d/arpwatch script with script at http://www.zemris.fer.hr/~sgros/files/scripts/arpwatch Then edit /etc/sysconfig/arpwatch as explained at http://sgros.blogspot.in/2012/01/arpwatch-on-multiple-interfaces.html

Sample arpwatch configuration file which monitors multiple interfaces is:

OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"
INTERFACES="eth0 eth1.802 eth1.902"




<yambe:breadcrumb>Monitoring_tools|Monitoring tools</yambe:breadcrumb>