On 7/5/2011 12:00 PM, Chris Hoogendyk wrote:
>
>
> On 7/1/11 12:46 PM, Nathan Gibbs wrote:
>> On 6/14/2011 1:10 PM, Chris Hoogendyk wrote:
>>> This stuff is supposed to just work. Like mon. And arpwatch
>>> has been around forever.
>>>
>>> So, I'm wondering if anyone has put together a mon monitor that can
>>> mediate the notifications from arpwatch. I'm using arpwatch-NG1.7.
>>>
>> I don't, but I have been working on a monitor to check the arp table of
>> hosts and report anomalies.
>>
>> Anyone interested?
>
> Yes.
>

OK, other things are slowing down my development efforts right now, but I
will get it done.

> A bit more control over reporting frequency and what is reported would
> be very good. Arpwatch produces an overload and makes it hard to use on
> a busy network since it is constantly shouting about things. If you can
> recognize that some particular hardware address was already reported for
> a particular behavior and not continue hollering about it, that would
> make it more valuable -- i.e. increase the signal to noise ratio. Any
> other correlation or diagnostic stuff would be good as well.
>
>

If you can get arpwatch to dump into a log file and build a monitor to
process that, you may get what you want.
Just an idea.

Also check out arpalert, it seems to have more features than arpwatch.

-- 
Sincerely,
Nathan Gibbs

Christ Media
(315) 548-7647
http://www.cmpublishers.com
_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
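
The log-processing idea from the message above, as an added example that is not part of the original thread and is not code from mon, arpwatch or either poster: it parses arpwatch syslog lines and reports each behaviour for a given address only once, returning an exit status and a first-line summary in the way mon expects from a monitor. The log line shape, the sample lines and all function names are assumptions.

```python
import re

# Constructed sample; the "<event> <ip> <mac> [(<old mac>)]" shape is assumed.
SAMPLE = """\
Jul  5 12:00:01 gw arpwatch: new station 10.0.0.7 0:1e:c9:a:b:c eth0
Jul  5 12:00:09 gw arpwatch: flip flop 10.0.0.9 0:1e:c9:1:2:3 (0:50:56:aa:bb:cc) eth0
Jul  5 12:00:15 gw arpwatch: flip flop 10.0.0.9 0:50:56:aa:bb:cc (0:1e:c9:1:2:3) eth0
Jul  5 12:01:02 gw sshd[311]: Accepted publickey for backup
Jul  5 12:03:40 gw arpwatch: new station 10.0.0.7 00:1E:C9:0A:0B:0C eth0
""".splitlines()

LINE_RE = re.compile(
    r"arpwatch(?:\[\d+\])?: (?P<event>new station|new activity|flip flop|"
    r"changed ethernet address|reused old ethernet address) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<mac>[0-9a-fA-F:]+)"
    r"(?: \((?P<old>[0-9a-fA-F:]+)\))?")

def norm_mac(mac):
    """Zero-pad and lowercase so 0:1e:c9:a:b:c equals 00:1E:C9:0A:0B:0C."""
    return ":".join(p.lower().zfill(2) for p in mac.split(":"))

def parse_line(line):
    """Return (event, ip, mac, old_mac or None); None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return (m["event"], m["ip"], norm_mac(m["mac"]),
            norm_mac(m["old"]) if m["old"] else None)

def new_alerts(lines, seen):
    """Return events not reported before; `seen` (a set) is updated in place."""
    fresh = []
    for rec in filter(None, map(parse_line, lines)):
        event, ip, mac, old = rec
        # Flip flops alternate current/old MAC: store the pair unordered.
        pair = frozenset((mac, old)) if event == "flip flop" else (mac, old)
        if (event, ip, pair) not in seen:
            seen.add((event, ip, pair))
            fresh.append(rec)
    return fresh

def mon_report(fresh):
    """mon convention: nonzero exit = failure, first output line = summary."""
    detail = [f"{e}: {ip} {mac}" + (f" (was {old})" if old else "")
              for e, ip, mac, old in fresh]
    summary = " ".join(sorted({ip for _, ip, _, _ in fresh}))
    return (1 if fresh else 0), "\n".join([summary] + detail)

if __name__ == "__main__":
    print(mon_report(new_alerts(SAMPLE, set()))[1])
```

Keep `seen` in a state file between runs so that repeated invocations by mon continue to suppress entries that were already reported.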