Difference between revisions of "Arpwatch"
m |
m |
||
Line 8: | Line 8: | ||
# To configure mail edit the file /etc/sysconfig/arpwatch. | # To configure mail edit the file /etc/sysconfig/arpwatch. | ||
#:<pre> | #:<pre> | ||
#:: OPTIONS="-u arpwatch -e saurabh@ | #:: OPTIONS="-u arpwatch -e saurabh@example.com -s 'root (Arpwatch)'" | ||
#:</pre> | #:</pre> | ||
# service arpwatch start | # service arpwatch start |
Revision as of 13:48, 20 May 2021
<yambe:breadcrumb>Monitoring_tools|Monitoring tools</yambe:breadcrumb>
arpwatch
Basic arpwatch configuration can be done using following steps:
- yum -y install arpwatch
- chkconfig --level 345 arpwatch on
- To configure mail edit the file /etc/sysconfig/arpwatch.
- OPTIONS="-u arpwatch -e saurabh@example.com -s 'root (Arpwatch)'"
- service arpwatch start
In case instead of mail if syslog is preferred than use following config lines instead
OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"
Log activity can be monitored using: tail -f /etc/log/messages
Steps contributed by Krati Jain. Refer http://www.tecmint.com/monitor-ethernet-activity-in-linux/
Configure ARPWatch to support multiple interfaces
To configure ARPWatch for supporting multiple interfaces replace /etc/init.d/arpwatch script with script at http://www.zemris.fer.hr/~sgros/files/scripts/arpwatch Then edit /etc/sysconfig/arpwatch as explained at http://sgros.blogspot.in/2012/01/arpwatch-on-multiple-interfaces.html
Sample arpwatch configuration file which monitors multiple interfaces is:
OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'" INTERFACES="eth0 eth1.802 eth1.902"
<yambe:breadcrumb>Monitoring_tools|Monitoring tools</yambe:breadcrumb>