Arpwatch custom parser for the SUSE collector

Arpwatch custom parser for the SUSE collector

Arpwatch is a really neat tool for detecting intruders, accidental network connections from alien machines.


It can be installed from the official repositories, by running zypper install arpwatch.


Once you install it, its config should be modified by editing /etc/sysconfig/arpwatch:


ARPWATCH_ARGS="-u nobody -e -"


This will run the tool as user nobody, and disable sending e-mails. It can be quite chatty.


Once that is done, import the attached custom file to the SUSE Linux Enterprise Server Collector, as an auxiliary file. Make sure the name is custom.js.


Then switch the collector to custom mode, and restart it. This will make sure arpwatch messages will be parsed.


The script is using a customer variables CV99 and CV100 for storing the detected MAC addresses.


 



NetIQ does not test or validate any software, code or other materials provided in, on or through NetIQ Cool Solutions (collectively, "Materials"), so please use caution when downloading or accessing any Materials from Cool Solutions and ensure that you have reasonable and current security, spyware and anti-virus measures in place on your computer and/or network prior to downloading. Additionally, do not use any Materials downloaded from Cool Solutions in any production environment without first testing the Materials to ensure they are compatible with your version of NetIQ software or any other hardware or software present in your network or environment. Cool Solutions is not a substitute for authorized NetIQ support and should not be used as such. NETIQ COOL SOLUTIONS AND ANY MATERIALS ARE PROVIDED ON AN AS-IS, AS-AVAILABLE BASIS WITHOUT ANY WARRANTY OF ANY KIND. By downloading this file, you are agreeing to these terms of use. To report a problem please contact: coolguys-netiq@netiq.com. Your use of Cool Solutions is governed by the Cool Solutions Terms and Conditions. https://www.netiq.com/communities/coolsolutions/terms-and-conditions/
Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2012-08-07 11:11
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.