Date: Sun, 28 Feb 1999 10:54:59 +1030
From: Greg Lehey <grog@lemis.com>
To: Jason Andrew Godfrey <godfreja@acm.cs.uwec.edu>, freebsd-questions@FreeBSD.ORG
Subject: Re: syslog config question
Message-ID: <19990228105459.R7279@lemis.com>
In-Reply-To: <Pine.LNX.4.04.9902262234300.21881-100000@dalamar.cs.uwec.edu>; from Jason Andrew Godfrey on Fri, Feb 26, 1999 at 10:38:55PM -0600
References: <Pine.LNX.4.04.9902262234300.21881-100000@dalamar.cs.uwec.edu>

On Friday, 26 February 1999 at 22:38:55 -0600, Jason Andrew Godfrey wrote:
> Hello.
>
> I've just set up a new FreeBSD 3.1 Release box, and I keep on getting
> messages like:
>
> xxx /kernal: arp: xxx.xxx.xxx.xxx moved from blah_mac_address to
> another_mac_address on vx0.
>
> I'd like for these messages to disappear. Then catch the person who's
> using the IP address.
> I figure I can do it with /etc/syslog.conf, but I'm not sure
> how.  Normally I'd do some trial and error first, but right now a
> cracker has found this box interesting, and I don't want to risk
> missing log messages due to an error.
>
> Could anyone help me come up with the magical formula to get this
> message to disappear?

Remove its cause, not the effect.  It's a serious message.

In any case, the message comes from here, in /sys/netinet/if_arp.c:

    if (sdl->sdl_alen &&
        bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
            if (rt->rt_expire)
                log(LOG_INFO, "arp: %s moved from %6D to %6D on %s%d\n",
                    inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":",
                    ea->arp_sha, ":",
                    ac->ac_if.if_name, ac->ac_if.if_unit);
            else {
                log(LOG_ERR,
                    "arp: %6D attempts to modify permanent entry for %s on %s%d",
                    ea->arp_sha, ":", inet_ntoa(isaddr),
                    ac->ac_if.if_name, ac->ac_if.if_unit);
                goto reply;
            }

The message is written to the kernel log at the priority LOG_INFO.  If
you want, you can stop LOG_INFO messages with syslog.conf, but you'll
lose *all* info messages.  If you really want to do this, I'd suggest
you change the code above instead: omit the log call.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
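
The following is an added example, not part of Greg's message or of the FreeBSD source: a log summarizer that reads the "moved from" lines produced by the format string quoted above and reports, per IP address, which MAC addresses are contending for it. The log lines, host name, IP addresses and MAC addresses are constructed sample data, and the function name summarize is hypothetical.

```python
import re
from collections import defaultdict

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
# Mirrors the kernel format string "arp: %s moved from %6D to %6D on %s%d".
MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from (?P<old>" + MAC +
    r") to (?P<new>" + MAC + r") on (?P<ifname>\w+)"
)

# Constructed sample input (documentation addresses, made-up MACs).
SAMPLE_LOG = """\
Feb 26 22:01:10 box /kernel: arp: 192.0.2.10 moved from 00:a0:c9:11:22:33 to 00:60:97:aa:bb:cc on vx0
Feb 26 22:01:40 box /kernel: arp: 192.0.2.10 moved from 00:60:97:aa:bb:cc to 00:a0:c9:11:22:33 on vx0
Feb 26 22:02:05 box sshd[212]: connection from 192.0.2.50
Feb 26 22:02:11 box /kernel: arp: 192.0.2.10 moved from 00:a0:c9:11:22:33 to 00:60:97:aa:bb:cc on vx0
Feb 26 22:09:30 box /kernel: arp: 192.0.2.77 moved from 00:10:4b:01:02:03 to 00:10:4b:0a:0b:0c on vx0
""".splitlines()

def summarize(lines):
    """Group 'moved' messages by (IP, interface) and list the MACs involved."""
    seen = defaultdict(lambda: {"macs": [], "moves": 0, "flapping": False})
    for line in lines:
        m = MOVED.search(line)
        if not m:
            continue  # unrelated syslog line
        entry = seen[(m["ip"], m["ifname"])]
        entry["moves"] += 1
        # Moving back to a MAC already seen means two hosts keep answering
        # for the same address; a single move may just be a replaced NIC.
        if m["new"] in entry["macs"]:
            entry["flapping"] = True
        for mac in (m["old"], m["new"]):
            if mac not in entry["macs"]:
                entry["macs"].append(mac)
    return [
        {"ip": ip, "if": ifname, **entry}
        for (ip, ifname), entry in sorted(seen.items())
    ]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        state = "CONTENDED" if r["flapping"] else "moved once"
        print(f'{r["ip"]} on {r["if"]}: {state}, {r["moves"]} move(s), '
              f'MACs: {", ".join(r["macs"])}')
```

The MAC addresses listed for a contended IP are the ones to look up in switch or DHCP records to find the second host.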