Date: Tue, 17 Apr 2001 18:51:11 -0400 From: "Jonathan Fortin" <jfortin@akalink.com> To: <questions@freebsd.org> Subject: Re: ARP message filling my logs Message-ID: <009a01c0c790$e620c820$0200320a@gmoto> References: <C18E28011272D41180AD00B0D0496C0801C02168@ns-exch05>
next in thread | previous in thread | raw e-mail | index | archive | help
It has nothing to do with syslog, arpwatch.or Linux system security. sysctl -w net.link.ether.inet.log_arp_wrong_iface=0 will stop logging those events ----- Original Message ----- From: "Noah Dunker" <ndunker@jccc.net> To: "'Trevin Chow'" <tmchow@sfu.ca> Cc: <questions@FreeBSD.ORG> Sent: Tuesday, April 17, 2001 6:40 PM Subject: RE: ARP message filling my logs > I might be crazy here, but those logs look like something > that arpwatch would generate. If you're running arpwatch, > shut it down. If you're not running arpwatch, then you > will need to play with syslog.conf. In general, FreeBSD > ships with a very "noisy" syslog default configuration for > a normal desktop user. I'd try to figure what syslog > convention and level it's coming in as, and modify your > syslog.conf accordigly. There's a LOT of juicy information > in books and on the web about how to tune syslog. For a > REALLY detailed dissection of the syslog.conf file, give > chapter 8 of the book "Linux System Security" a read. It's > a good book to have around, a lot of it applies to Linux AND > many other OS's, but a lot of it's only useable in Linux, too. > > I don't know off the top of my head where you can get a good > tutorial about syslog off the Web. Sorry. > > Noah Dunker > Systems Analyst/Technician > Johnson County Community College > > > -----Original Message----- > From: Trevin Chow [mailto:tmchow@sfu.ca] > Sent: Tuesday, April 17, 2001 5:40 PM > To: Noah Dunker > Cc: questions@FreeBSD.ORG > Subject: RE: ARP message filling my logs > > > How can I ignore the messages? > > At 05:27 PM 4/17/2001 -0500, Noah Dunker wrote: > >DHCP Addresses rotating between computers, or if you're using a product > like > >MetaIP that gives each USER an IP Address based on Username (instead of by > >MAC address), this could easily be the cause. > > > >Noah Dunker > >Systems Analyst/Technician > >Johnson County Community College > > > >-----Original Message----- > >From: Trevin Chow [mailto:tmchow@sfu.ca] > >Sent: Tuesday, April 17, 2001 5:20 PM > >To: questions@FreeBSD.ORG > >Subject: ARP message filling my logs > > > > > >Hi, > > > >I'm getting these messages from my ISP's 2 nameservers. The messages are > >constantly flooding > >my console terminal and I'd like the insanity to stop :) > > > >/kernel: arp: 209.53.0.1 moved from 40:00:d1:35:3c:fe to 00:00:0c:35:17:f0 > >on fxp0 > >/kernel: arp: 209.53.0.17 moved from 40:00:d1:35:3c:fe to 00:00:0c:35:17:f0 > >on fxp0 > >/kernel: arp: 209.53.0.17 moved from 00:00:0c:35:17:f0 to 40:00:d1:35:3c:fe > >on fxp0 > > > >Why the heck would the MAC address keep changing? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009a01c0c790$e620c820$0200320a>