That I can do. Thanks! Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: "dan (ddp)" <[email protected]> Date: Sat, 23 Jan 2010 09:57:33 To: <[email protected]> Subject: Re: [ossec-list] Re: Arpwatch and ossec On Fri, Jan 22, 2010 at 5:08 PM, Rudy Kazootie <[email protected]> wrote: > Okay, arpwatch/ossec rookie question number 2. I went back to the terminal > window, and this time I went like so: > > arpwatch -d > > Hot diggity, address after address of arpful goodness. But they're all > going to root, and ossec tells me nothing by email. How (where) do I > configure arpwatch to send it to ossec to email it to me? > > Thanks. > > > > > > You have to configure ossec to watch the arpwatch logs. I have the following in my ossec.conf: <localfile> <log_format>syslog</log_format> <location>/var/arpwatch/arpwatch.dat</location> </localfile> You'll have to figure out where arpwatch keeps the logs on your system.
