My root's email address is bombarded with tens or even hundreds of messages from arpwatch every day! Most of the messages report users moving between access points in my network, mostly "flip flop" notifications similar to this:
hostname: Airalkhas.domain.com
ip address: 192.168.0.65
ethernet address: c2:56:27:84:xx:xx
ethernet vendor: <unknown>
old ethernet address: 48:bf:6b:d3:xx:xx
old ethernet vendor: <unknown>
timestamp: Tuesday, January 9, 2018 19:57:18 +0300
previous timestamp: Tuesday, January 9, 2018 19:56:57 +0300
delta: 21 seconds
Is there a way to fine-tune arpwatch notifications or stop them altogether?
Thank you.
Responses (4)
After a day or so of applying Nick's solution, I'm glad to report that the annoying notification messages have finally disappeared.
Another solution is to stop the arpwatch service altogether. To do that, find the service's name:
ls -la /etc/systemd/system/multi-user.target.wants/arpwatch*
Then, stop and disable it:
systemctl stop arpwatch@XXX.service
systemctl disable arpwatch@XXX.service
-
I've changed my /etc/sysconfig/arpwatch file:
# -u <username> : defines with what user id arpwatch should run
# -e <email> : the <email> where to send the reports
# -s <from> : the <from>-address
# changed by njh
#OPTIONS="-u arpwatch -e root -s 'root (Arpwatch)'"
OPTIONS="-u arpwatch -e - -N"
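A middle ground between hundreds of mails and no reports at all is to condense the reports into one line per IP and MAC pair, so roaming noise collapses while an unexpected address change still shows up. The following is an added example, not code from the thread or from arpwatch; it assumes the reports are available as text in the body layout quoted in the question, and the function names and every address in SAMPLE are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the body layout quoted in the question; addresses are made up.
SAMPLE = """\
hostname: laptop.example.com
ip address: 192.168.0.65
ethernet address: c2:56:27:84:00:01
old ethernet address: 48:bf:6b:d3:00:02
delta: 21 seconds

hostname: laptop.example.com
ip address: 192.168.0.65
ethernet address: 48:bf:6b:d3:00:02
old ethernet address: c2:56:27:84:00:01
delta: 40 seconds

hostname: printer.example.com
ip address: 192.168.0.10
ethernet address: 00:11:22:33:44:55
old ethernet address: 66:77:88:99:aa:bb
delta: 3 days
"""

def parse_reports(text):
    """Split on blank lines and turn each 'key: value' report into a dict."""
    reports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if "ip address" in fields and "ethernet address" in fields:
            reports.append(fields)
    return reports

def digest(reports):
    """Count address changes per (IP, unordered MAC pair)."""
    counts = defaultdict(int)
    for r in reports:
        old = r.get("old ethernet address")
        if old:  # only reports about a changed address carry an old one
            pair = frozenset((r["ethernet address"].lower(), old.lower()))
            counts[(r["ip address"], pair)] += 1
    return dict(counts)

def format_digest(counts):
    # One summary line per IP/MAC pair, most frequent first.
    return [f"{ip}: {' <-> '.join(sorted(pair))} changed {n}x"
            for (ip, pair), n in sorted(counts.items(), key=lambda kv: -kv[1])]

if __name__ == "__main__":
    print("\n".join(format_digest(digest(parse_reports(SAMPLE)))))
```

A pair that appears once, such as the constructed printer entry, is the kind of line worth reading in the digest; a pair that flips dozens of times a day between the same two addresses is the roaming pattern described in the question.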