On 7/1/11 12:46 PM, Nathan Gibbs wrote:
> On 6/14/2011 1:10 PM, Chris Hoogendyk wrote:
>> This stuff is supposed to just work. Like mon. And arpwatch
>> has been around forever.
>> So, I'm wondering if anyone has put together a mon monitor that can
>> mediate the notifications from arpwatch. I'm using arpwatch-NG1.7.
> I don't, but I have been working on a monitor to check the arp table of
> hosts and report anomalies.
> Anyone interested?

Yes.

A bit more control over reporting frequency and what is reported would be very good. Arpwatch
produces an overload and makes it hard to use on a busy network since it is constantly shouting
about things. If you can recognize that some particular hardware address was already reported for a
particular behavior and not continue hollering about it, that would make it more valuable -- i.e.
increase the signal to noise ratio. Any other correlation or diagnostic stuff would be good as well.
--
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogen...@bio.umass.edu>
---------------
Erdös 4
_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
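
The per-address suppression asked for in the reply above can be sketched as follows. This is an added example, not code from either poster or from mon or arpwatch. It assumes syslog lines shaped like classic arpwatch messages (`<event> <ip> <mac>`); the sample lines are constructed, and `Suppressor`, `feed` and the holdoff value are hypothetical names and settings.

```python
import re

# Assumed line shape, modelled on classic arpwatch syslog messages.
EVENT_RE = re.compile(
    r"arpwatch: (?P<event>new station|new activity|flip flop|"
    r"changed ethernet address) (?P<ip>\d+\.\d+\.\d+\.\d+) (?P<mac>[0-9A-Fa-f:]+)"
)

def normalize_mac(mac):
    """arpwatch drops leading zeros (0:1:2:...); pad so keys compare equal."""
    return ":".join(octet.zfill(2).lower() for octet in mac.split(":"))

class Suppressor:
    """Report each (hardware address, behavior) pair once per holdoff window."""

    def __init__(self, holdoff=3600):
        self.holdoff = holdoff
        self.state = {}  # (mac, event) -> [last_report_ts, suppressed_count]

    def feed(self, ts, line):
        """Return an alert dict if the line should be reported, else None."""
        m = EVENT_RE.search(line)
        if not m:
            return None
        key = (normalize_mac(m["mac"]), m["event"])
        entry = self.state.get(key)
        if entry and ts - entry[0] < self.holdoff:
            entry[1] += 1  # already reported recently: count it, stay quiet
            return None
        suppressed = entry[1] if entry else 0
        self.state[key] = [ts, 0]
        return {"ts": ts, "event": key[1], "mac": key[0], "ip": m["ip"],
                "suppressed_since_last": suppressed}

# Constructed sample input: (seconds since start, syslog message).
SAMPLE = [
    (0, "arpwatch: flip flop 10.0.0.5 0:1:2:3:4:5 (0:a:b:c:d:e)"),
    (60, "arpwatch: flip flop 10.0.0.5 00:01:02:03:04:05 (0:a:b:c:d:e)"),
    (120, "arpwatch: new station 10.0.0.9 0:1:2:3:4:5"),
    (180, "arpwatch: flip flop 10.0.0.5 0:1:2:3:4:5 (0:a:b:c:d:e)"),
    (4000, "arpwatch: flip flop 10.0.0.5 0:1:2:3:4:5 (0:a:b:c:d:e)"),
]

def run(sample=SAMPLE, holdoff=3600):
    s = Suppressor(holdoff)
    return [alert for ts, line in sample if (alert := s.feed(ts, line))]

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

A different behavior from the same address is still reported immediately, and the first report after the holdoff carries the count of repeats that were silenced.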