<yambe:breadcrumb>Monitoring_tools|Monitoring tools</yambe:breadcrumb>

arpwatch

Basic arpwatch configuration can be done using following steps:

1. yum -y install arpwatch
2. chkconfig --level 345 arpwatch on
3. To configure mail edit the file /etc/sysconfig/arpwatch.

   OPTIONS="-u arpwatch -e saurabh@sbarjatiya.com -s 'root (Arpwatch)'"

4. service arpwatch start

In case instead of mail if syslog is preferred than use following config lines instead

  OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"

Log activity can be monitored using: tail -f /etc/log/messages

Steps contributed by Krati Jain. Refer http://www.tecmint.com/monitor-ethernet-activity-in-linux/

Configure ARPWatch to support multiple interfaces

To configure ARPWatch for supporting multiple interfaces replace /etc/init.d/arpwatch script with script at http://www.zemris.fer.hr/~sgros/files/scripts/arpwatch Then edit /etc/sysconfig/arpwatch as explained at http://sgros.blogspot.in/2012/01/arpwatch-on-multiple-interfaces.html

Sample arpwatch configuration file which monitors multiple interfaces is:

OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"
INTERFACES="eth0 eth1.802 eth1.902"

Init.d script contents are available at media:Arpwatch-init.txt

<yambe:breadcrumb>Monitoring_tools|Monitoring tools</yambe:breadcrumb>