kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/net-mgmt/arpwatch-devel/files/patch-ad
Kirill Ponomarev a427774043 This patch adds support for labeling interfaces in arpwatch 
reports.  Labels are created by making a symlink in the
arpwatch data directory that points at the textual description
(e.g. ln -s "Internal Network" dc0).

PR:		ports/67838
Submitted by:	maintainer
2004-06-11 18:30:10 +00:00

128 lines
3 KiB
Text
Raw Blame History

--- arpwatch.8.orig Sun Oct 8 16:31:28 2000
+++ arpwatch.8 Fri Jun 11 12:35:32 2004
@@ -1,4 +1,4 @@
-.\" @(#) $Id: arpwatch.8,v 1.13 2000/10/08 20:31:25 leres Exp $ (LBL)
+.\" @(#) $Id: arpwatch.8,v 1.5 2004/06/11 16:26:22 mdg Exp $ (LBL)
.\"
.\" Copyright (c) 1992, 1994, 1996, 1997, 2000
.\" The Regents of the University of California. All rights reserved.
@@ -30,7 +30,10 @@
.B -dN
] [
.B -f
-.I datafile
+.I arpfile
+] [
+.B -e
+.I etherfile
] [
.B -i
.I interface
@@ -38,6 +41,9 @@
.br
.ti +8
[
+.B -m
+.I email
+] [
.B -n
.IR net [/ width
]] [
@@ -67,8 +73,24 @@
.IR arp.dat .
.LP
The
+.B -e
+flag is used to set the ethernet/interface database filename.
+The default is
+.IR ether.dat .
+.LP
+The
+.B -i
+flag is used to specify a single interface. By default,
+.B arpwatch
+will listen to all non-loopback interfaces. Using more than one
.B -i
-flag is used to override the default interface.
+option on the same command line is not supported.
+.LP
+The
+.B -m
+flag specifies the address that will receive the emails.
+The default is
+.IR root .
.LP
The
.B -n
@@ -81,6 +103,8 @@
The
.B -N
flag disables reporting any bogons.
+It is highly recommended that this flag be used on machines with
+multiple interfaces.
.LP
The
.B -r
@@ -96,21 +120,31 @@
.LP
Note that an empty
.I arp.dat
+and
+.I ether.dat
file must be created before the first time you run
.BR arpwatch .
.LP
.SH "REPORT MESSAGES"
Here's a quick list of the report messages generated by
-.BR arpwatch (1)
+.BR arpwatch
(and
-.BR arpsnmp (1)):
+.BR arpsnmp
+):
+.TP
+.B "new ethernet device"
+The ethernet address has not been seen before.
+.TP
+.B "ethernet device changed interfaces"
+An ethernet address associated with one interface has moved to a
+different interface.
.TP
.B "new activity"
This ethernet/ip address pair has been used for the first time six
months or more.
.TP
-.B "new station"
-The ethernet address has not been seen before.
+.B "new active IP address"
+The IP address has not been seen before.
.TP
.B "flip flop"
The ethernet address has changed from the most recently seen address to
@@ -148,12 +182,25 @@
.B "suppressed DECnet flip flop"
A "flip flop" report was suppressed because one of the two
addresses was a DECnet address.
+.SH "INTERFACE LABELS"
+Interfaces can be assigned labels that are displayed in reports
+next to the interface name. This is useful for identifying connected
+networks. In order to assign a label, create a symbolic link in
+the arpwatch data directory. The link should have the same name
+as the interface, and should point to the textual label. For example:
+.LP
+ln -s "Internal Network" dc0
+.LP
+Labels are read when
+.BR arpwatch
+initializes. The process must be restarted for label changes to take effect.
.SH FILES
.na
.nh
.nf
-/usr/operator/arpwatch - default directory
+/usr/local/arpwatch - default directory
arp.dat - ethernet/ip address database
+ether.dat - ethernet/interface address database
ethercodes.dat - vendor ethernet block list
.ad
.hy
Reference in a new issue View git blame Copy permalink