Date:      Sun, 28 Feb 1999 10:54:59 +1030
From:      Greg Lehey <grog@lemis.com>
To:        Jason Andrew Godfrey <godfreja@acm.cs.uwec.edu>, freebsd-questions@FreeBSD.ORG
Subject:   Re: syslog config question
Message-ID:  <19990228105459.R7279@lemis.com>
In-Reply-To: <Pine.LNX.4.04.9902262234300.21881-100000@dalamar.cs.uwec.edu>; from Jason Andrew Godfrey on Fri, Feb 26, 1999 at 10:38:55PM -0600
References:  <Pine.LNX.4.04.9902262234300.21881-100000@dalamar.cs.uwec.edu>

On Friday, 26 February 1999 at 22:38:55 -0600, Jason Andrew Godfrey wrote:
> Hello.
>
> I've just set up a new FreeBSD 3.1 Release box, and I keep on getting
> messages like:
>
> xxx /kernal: arp: xxx.xxx.xxx.xxx moved from blah_mac_address to
> another_mac_address on vx0.
>
> I'd like for these messages to disappear. 

Then catch the person who's using the IP address.

> I figure I can do it with /etc/syslog.conf, but I'm not sure
> how. Normally I'd do some trial and error first, but right now a
> cracker has found this box interesting, and I don't want to risk
> missing log messages due to an error.
>
> Could anyone help me come up with the magical formula to get this
> message to disappear?

Remove its cause, not the effect.  It's a serious message.  In any
case, the message comes from here, in /sys/netinet/if_arp.c:

		if (sdl->sdl_alen &&
		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
			if (rt->rt_expire)
			    log(LOG_INFO, "arp: %s moved from %6D to %6D on %s%d\n",
				inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":",
				ea->arp_sha, ":",
				ac->ac_if.if_name, ac->ac_if.if_unit);
			else {
			    log(LOG_ERR,
				"arp: %6D attempts to modify permanent entry for %s on %s%d",
				ea->arp_sha, ":", inet_ntoa(isaddr),
				ac->ac_if.if_name, ac->ac_if.if_unit);
			    goto reply;
			}

The message is written to the kernel log at the priority LOG_INFO.  If
you want, you can stop LOG_INFO messages with syslog.conf, but you'll
lose *all* info messages.  If you really want to do this, I'd suggest
you change the code above instead: omit the log call.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
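
The two log() formats in the if_arp.c excerpt above can be parsed to tell a one-off move (for example a replaced NIC) from an address that two stations keep contesting. This is an added example, not part of the original message or of FreeBSD; the syslog line prefix, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the two log() format strings in the quoted if_arp.c code.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MOVED = re.compile(rf"arp: (\S+) moved from ({MAC}) to ({MAC}) on (\w+)", re.I)
PERMANENT = re.compile(
    rf"arp: ({MAC}) attempts to modify permanent entry for (\S+) on (\w+)", re.I)

# Constructed sample lines; IPs are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
Feb 26 22:30:01 host /kernel: arp: 192.0.2.10 moved from 00:a0:24:00:00:01 to 00:60:97:00:00:02 on vx0
Feb 26 22:30:09 host /kernel: arp: 192.0.2.10 moved from 00:60:97:00:00:02 to 00:a0:24:00:00:01 on vx0
Feb 26 22:31:15 host /kernel: arp: 192.0.2.10 moved from 00:a0:24:00:00:01 to 00:60:97:00:00:02 on vx0
Feb 26 22:40:00 host /kernel: arp: 192.0.2.20 moved from 00:a0:24:00:00:03 to 00:a0:24:00:00:04 on vx0
Feb 26 22:41:00 host /kernel: arp: 00:60:97:00:00:02 attempts to modify permanent entry for 192.0.2.1 on vx0
"""

def summarize(log_text):
    """Per-IP view of ARP changes: MACs seen, move count, flapping, permanent hits."""
    state = defaultdict(lambda: {"macs": set(), "left": set(), "moves": 0,
                                 "flapping": False, "permanent_hit": False})
    for line in log_text.splitlines():
        if m := MOVED.search(line):
            ip, old, new = m.group(1), m.group(2).lower(), m.group(3).lower()
            s = state[ip]
            s["moves"] += 1
            s["macs"].update((old, new))
            s["left"].add(old)
            # Moving back to a MAC the address already left means two
            # stations are answering for the same IP.
            if new in s["left"]:
                s["flapping"] = True
        elif m := PERMANENT.search(line):
            state[m.group(2)]["permanent_hit"] = True
    return dict(state)

def alerts(log_text):
    """Return (ip, reason) pairs worth a closer look, sorted by IP string."""
    out = []
    for ip, s in sorted(summarize(log_text).items()):
        if s["permanent_hit"]:
            out.append((ip, "attempt to overwrite permanent ARP entry"))
        if s["flapping"]:
            out.append((ip, f"contested by {len(s['macs'])} MACs"))
    return out

if __name__ == "__main__":
    for ip, reason in alerts(SAMPLE_LOG):
        print(ip, reason)
```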
