Forums

Mansoor
Mansoor
Offline
Resolved
0 votes
My root's email address is bombarded with tens or even hundreds of messages from arpwatch everyday! Most of the messages report users moving between access points in my network, mostly "flip flop" notifications similar to this:

hostname: Airalkhas.domain.com
ip address: 192.168.0.65
ethernet address: c2:56:27:84:xx:xx
ethernet vendor: <unknown>
old ethernet address: 48:bf:6b:d3:xx:xx
old ethernet vendor: <unknown>
timestamp: Tuesday, January 9, 2018 19:57:18 +0300
previous timestamp: Tuesday, January 9, 2018 19:56:57 +0300
delta: 21 seconds

Is there a way to fine tune arpwatch notifications or stop them all together?

Thank you.
Tuesday, January 09 2018, 05:14 PM
Share this post:
Responses (4)
  • Accepted Answer

    Thursday, January 11 2018, 08:30 AM - #Permalink
    Resolved
    0 votes
    If you stop/disable the service you will disable one of the apps - the network visualiser, from memory.
    The reply is currently minimized Show
  • Accepted Answer

    Mansoor
    Mansoor
    Offline
    Thursday, January 11 2018, 02:55 AM - #Permalink
    Resolved
    0 votes
    After a day or so of applying Nick's solution, I'm glad to report that annoying notifications message have finally disappeared.

    Another solution is to stop the arpwatch service all together. To do that, find the service's name:

    ls -la /etc/systemd/system/multi-user.target.wants/arpwatch*

    Then, stop and disable it:
    systemctl stop arpwatch@XXX.service
    systemctl disable arpwatch@XXX.service
    The reply is currently minimized Show
  • Accepted Answer

    Mansoor
    Mansoor
    Offline
    Tuesday, January 09 2018, 06:50 PM - #Permalink
    Resolved
    0 votes
    Thank you Nick. I applied the change you suggested and will be watching the effect on my email client.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, January 09 2018, 06:42 PM - #Permalink
    Resolved
    0 votes
    I've changed my /etc/sysconfig/arpwatch file:
    # -u <username> : defines with what user id arpwatch should run
    # -e <email> : the <email> where to send the reports
    # -s <from> : the <from>-address
    # changed by njh
    #OPTIONS="-u arpwatch -e root -s 'root (Arpwatch)'"
    OPTIONS="-u arpwatch -e - -N"
    The reply is currently minimized Show
Your Reply