From: Peter Frischknecht <peter@em...> - 2004-04-30 14:51:58
By default, arpwatch will not run on DL.
In order to make it work, you have to create an empty file called
arp.dat and then FROM THE SAME directory fire up arpwatch:
    arpwatch -i eth1
At this point, arpwatch WILL run, HOWEVER...the mail functionality still
will not work.
Looking at the original Makefile, it is seeking sendmail under
(guess what...it ain't there)
If you do install postfix, it creates fake links to sendmail under (I
think) /usr/bin/sendmail. As if that was not enough, the emails are
ONLY sent to ROOT on the localhost.
It is up to you to set up a .forward file on the root home (/root) to
receive these emails elsewhere and not run out of RAMDISK space.
As a side note, the arp.dat file should never grow too large. It stores
KNOWN Ethernet MAC addresses; as long as your DL box does not sit in
some major campus backbone with thousands of visible MAC addresses, it
should stay very small. I have 400 MAC addresses on my file, and it is
I would send in the changes to the source file, but I do not know how to
1 - The install script has to copy (or create) the arp.dat file to a
place like /var/log
2 - The makefile has to be appropriately updated. There is a line that
reads ARPDIR=$(prefix)/arpwatch. It should be changed to ARPDIR=/var/log
3 - The default etc.tar.gz should be updated accordingly and contain the
4 - You can also update the addresses.h.in and change the dest address
of the arp notifications PRIOR to compilation
NOTE: I knew I needed arpwatch. It struck me as very odd that arpwatch
has NO configuration files. If somebody knows differently, please tell
me. Because compiling "/var/log" or the dest email address into the
executable is not elegant at all.
Peter Frischknecht <peter@...>
Empowering Solutions, Inc.