So, I modified startup script so that it now accepts INTERFACES variable within /etc/syconfig/arpwatch configuration file and starts arpwatch on each specified interface. If this variable isn't defined then it behaves as before. For example, to start it on interfaces eth0 and eth1 you should add the following line in /etc/syconfig/arpwatch:
INTERFACES="eth0 eth1"The basic idea behind this change is to start arpwatch tool multiple times, once per each specified interface. Also, to each instance I give different database (arp.dat) so that multiple instances don't overwrite each other data.
Note that the script is a bit rough on edges, i.e. it properly behaves during startup phase, but not on shudown. Also, I embedded fixed path to data files. I'll improve this script in a due course when I find more time, or when it turns out that it's necessary to do so. :)
[20120203] Update: I had a an error in script because of which database files were placed in wrong directory and, as a consequence, arpwatch couldn't write database when it was exiting. Now, the script is updated and it works, furthermore, I tested stoping arpwatch using that script and it also works
3 comments:
Hi,
same arpwatch package.
it seems that the "-i" switch creates problems, my arpwatch istances seems started but in messages I have:
Jan 10 12:20:48 fairplay arpwatch: pcap open eth0: #001
Jan 10 12:20:48 fairplay arpwatch: pcap open eth1: #001
and, of course, no istances of arpwatch running....
if I use arpwatch without -i switch, all is OK, of course.. I have it only on eth0...
Something else is a problem, not -i switch. As you can see from the log files, arpwatch correctly started to listen on different interfaces (i.e. recognized -i switch) but for some reasons it stopped.
Try to manually run arpwatch on eth1 interface using -i switch and see what will happen.
the problem, but don't ask me which problem, is in the fedora FC18 package.
I had to recompile it from sourcer and now is correctly working.
Post a Comment