Arpwatch
arpwatch
Basic arpwatch configuration can be done using the following steps:
- yum -y install arpwatch
- chkconfig --level 345 arpwatch on
- To configure mail notifications, edit the file /etc/sysconfig/arpwatch:
- OPTIONS="-u arpwatch -e saurabh@sbarjatiya.com -s 'root (Arpwatch)'"
- service arpwatch start
If syslog is preferred instead of mail, use the following config line instead:
OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"
Log activity can be monitored using: tail -f /var/log/messages
Steps contributed by Krati Jain. Refer to http://www.tecmint.com/monitor-ethernet-activity-in-linux/
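With mail disabled (-e -), arpwatch reports only reach syslog, so the events that indicate an IP address moving to a different MAC have to be picked out of the general log. The filter below is an added example, not part of the original steps or of arpwatch itself; the syslog line layout and the sample lines are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): pull the arpwatch events that
# signal an IP-to-MAC binding change out of a syslog file.
# Assumed line layout: <timestamp> <host> arpwatch: <event> <ip> <mac> [(<old mac>)] [<iface>]

# Constructed sample lines; addresses and host name are made up.
sample_log() {
cat <<'EOF'
Jan 12 10:00:01 gw arpwatch: new station 192.0.2.10 0:11:22:33:44:55 eth0
Jan 12 10:05:17 gw arpwatch: changed ethernet address 192.0.2.1 0:aa:bb:cc:dd:ee (0:11:22:33:44:66) eth0
Jan 12 10:05:49 gw arpwatch: flip flop 192.0.2.1 0:11:22:33:44:66 (0:aa:bb:cc:dd:ee) eth0
Jan 12 10:06:02 gw sshd[812]: Accepted publickey for root from 192.0.2.50
Jan 12 10:07:30 gw arpwatch: new station 192.0.2.20 0:11:22:33:44:77 eth1.802
EOF
}

# Prints one "event|ip|current_mac|previous_mac|interface" record per binding change.
# Reads the files given as arguments, or stdin when there are none.
arpwatch_alerts() {
  awk '
  {
    # Locate the syslog program tag ("arpwatch:" or "arpwatch[pid]:").
    tag = 0
    for (i = 1; i <= NF; i++)
      if ($i ~ /^arpwatch(\[[0-9]+\])?:$/) { tag = i; break }
    if (!tag) next

    # The event name is every word between the tag and the first IPv4 address.
    ev = ""; ipf = 0
    for (i = tag + 1; i <= NF; i++) {
      if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { ipf = i; break }
      ev = (ev == "" ? $i : ev " " $i)
    }
    if (!ipf || ipf == NF) next

    # "new station" / "new activity" are inventory noise; keep only rebinding events.
    if (ev != "changed ethernet address" && ev != "flip flop" &&
        ev != "reused old ethernet address") next

    cur = $(ipf + 1); old = "-"; iface = "-"; n = ipf + 2
    if (n <= NF && $n ~ /^\(.*\)$/) { old = substr($n, 2, length($n) - 2); n++ }
    if (n <= NF) iface = $n
    print ev "|" $ipf "|" cur "|" old "|" iface
  }' "$@"
}

sample_log | arpwatch_alerts
```

To run it against real data, pass the syslog file as an argument to arpwatch_alerts instead of piping in the sample.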
Configure ARPWatch to support multiple interfaces
To configure ARPWatch to support multiple interfaces, replace the /etc/init.d/arpwatch script with the script at http://www.zemris.fer.hr/~sgros/files/scripts/arpwatch. Then edit /etc/sysconfig/arpwatch as explained at http://sgros.blogspot.in/2012/01/arpwatch-on-multiple-interfaces.html
A sample arpwatch configuration file which monitors multiple interfaces is:
OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"
INTERFACES="eth0 eth1.802 eth1.902"
Init.d script contents are available at media:Arpwatch-init.txt