Arpwatch

From Notes_Wiki
Revision as of 09:05, 6 August 2015 by Saurabh


arpwatch

Basic arpwatch configuration can be done using the following steps:

  1. yum -y install arpwatch
  2. chkconfig --level 345 arpwatch on
  3. To configure mail, edit the file /etc/sysconfig/arpwatch:
    OPTIONS="-u arpwatch -e saurabh@sbarjatiya.com -s 'root (Arpwatch)'"
  4. service arpwatch start

If syslog is preferred instead of mail, use the following configuration line instead:

  OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"

Log activity can be monitored using: tail -f /var/log/messages

Steps contributed by Krati Jain. Refer to http://www.tecmint.com/monitor-ethernet-activity-in-linux/
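
When arpwatch logs to syslog as configured above, the messages worth triaging are the ones where an IP address moves to a different MAC. The following is an added example (not part of the original wiki steps) that filters those events and counts IPs that keep switching MACs. The sample lines are constructed, and the message layout, including the trailing interface name, is an assumption to check against your arpwatch version's output.

```shell
#!/bin/sh
# Added example: summarise arpwatch syslog events where an IP changed MAC.
# The message layout below is an assumption; verify against your own logs.

# Constructed sample log lines (not real traffic).
sample_log() {
cat <<'EOF'
Aug  6 09:10:01 gw arpwatch: new station 10.0.0.21 0:16:3e:aa:bb:1 eth0
Aug  6 09:12:44 gw arpwatch: changed ethernet address 10.0.0.1 0:16:3e:de:ad:1 (0:16:3e:aa:bb:fe) eth0
Aug  6 09:12:50 gw arpwatch: flip flop 10.0.0.1 0:16:3e:aa:bb:fe (0:16:3e:de:ad:1) eth0
Aug  6 09:13:02 gw sshd[811]: Accepted publickey for admin
Aug  6 09:15:10 gw arpwatch: flip flop 10.0.0.1 0:16:3e:de:ad:1 (0:16:3e:aa:bb:fe) eth0
EOF
}

# arpwatch_alerts: read syslog on stdin, print one line per MAC-change event:
#   <event> <ip> <new-mac> <old-mac>
arpwatch_alerts() {
  awk '
    {
      # Locate the syslog tag field ("arpwatch:" or "arpwatch[pid]:").
      tag = 0
      for (i = 1; i <= NF; i++)
        if ($i ~ /^arpwatch/ && $i ~ /:$/) { tag = i; break }
      if (!tag) next
      if ($(tag+1) == "changed" && $(tag+2) == "ethernet" && $(tag+3) == "address") {
        ev = "changed"; p = tag + 4
      } else if ($(tag+1) == "flip" && $(tag+2) == "flop") {
        ev = "flipflop"; p = tag + 3
      } else next
      old = $(p+2); gsub(/[()]/, "", old)   # previous MAC is logged in parentheses
      print ev, $p, $(p+1), old
    }'
}

# arpwatch_flapping: IPs with more than one MAC-change event, with the count.
arpwatch_flapping() {
  arpwatch_alerts | awk '{ n[$2]++ } END { for (ip in n) if (n[ip] > 1) print ip, n[ip] }'
}

# Demo on the constructed sample; on a real host: arpwatch_alerts < /var/log/messages
sample_log | arpwatch_alerts
```

A gateway or server IP showing up in arpwatch_flapping is the usual signal to check the switch port behind each MAC before treating it as a benign NIC change or failover.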


Configure ARPWatch to support multiple interfaces

To configure ARPWatch to support multiple interfaces, replace the /etc/init.d/arpwatch script with the script at http://www.zemris.fer.hr/~sgros/files/scripts/arpwatch. Then edit /etc/sysconfig/arpwatch as explained at http://sgros.blogspot.in/2012/01/arpwatch-on-multiple-interfaces.html

A sample arpwatch configuration file that monitors multiple interfaces is:

OPTIONS="-u arpwatch -e - -s 'root (Arpwatch)'"
INTERFACES="eth0 eth1.802 eth1.902"

Init.d script contents are available at media:Arpwatch-init.txt