From owner-freebsd-questions Tue Apr 17 15:50:29 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.akalink.com (akalink.com [64.23.81.14]) by hub.freebsd.org (Postfix) with SMTP id 0A89137B422 for ; Tue, 17 Apr 2001 15:50:25 -0700 (PDT) (envelope-from jfortin@akalink.com) Received: (qmail 16300 invoked from network); 17 Apr 2001 21:48:58 -0000 Received: from unknown (HELO gmoto) (64.23.81.14) by akalink.com with SMTP; 17 Apr 2001 21:48:58 -0000 Message-ID: <009a01c0c790$e620c820$0200320a@gmoto> From: "Jonathan Fortin" To: References: Subject: Re: ARP message filling my logs Date: Tue, 17 Apr 2001 18:51:11 -0400 Organization: Akalink MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG It has nothing to do with syslog, arpwatch.or Linux system security. sysctl -w net.link.ether.inet.log_arp_wrong_iface=0 will stop logging those events ----- Original Message ----- From: "Noah Dunker" To: "'Trevin Chow'" Cc: Sent: Tuesday, April 17, 2001 6:40 PM Subject: RE: ARP message filling my logs > I might be crazy here, but those logs look like something > that arpwatch would generate. If you're running arpwatch, > shut it down. If you're not running arpwatch, then you > will need to play with syslog.conf. In general, FreeBSD > ships with a very "noisy" syslog default configuration for > a normal desktop user. I'd try to figure what syslog > convention and level it's coming in as, and modify your > syslog.conf accordigly. There's a LOT of juicy information > in books and on the web about how to tune syslog. For a > REALLY detailed dissection of the syslog.conf file, give > chapter 8 of the book "Linux System Security" a read. It's > a good book to have around, a lot of it applies to Linux AND > many other OS's, but a lot of it's only useable in Linux, too. > > I don't know off the top of my head where you can get a good > tutorial about syslog off the Web. Sorry. > > Noah Dunker > Systems Analyst/Technician > Johnson County Community College > > > -----Original Message----- > From: Trevin Chow [mailto:tmchow@sfu.ca] > Sent: Tuesday, April 17, 2001 5:40 PM > To: Noah Dunker > Cc: questions@FreeBSD.ORG > Subject: RE: ARP message filling my logs > > > How can I ignore the messages? > > At 05:27 PM 4/17/2001 -0500, Noah Dunker wrote: > >DHCP Addresses rotating between computers, or if you're using a product > like > >MetaIP that gives each USER an IP Address based on Username (instead of by > >MAC address), this could easily be the cause. > > > >Noah Dunker > >Systems Analyst/Technician > >Johnson County Community College > > > >-----Original Message----- > >From: Trevin Chow [mailto:tmchow@sfu.ca] > >Sent: Tuesday, April 17, 2001 5:20 PM > >To: questions@FreeBSD.ORG > >Subject: ARP message filling my logs > > > > > >Hi, > > > >I'm getting these messages from my ISP's 2 nameservers. The messages are > >constantly flooding > >my console terminal and I'd like the insanity to stop :) > > > >/kernel: arp: 209.53.0.1 moved from 40:00:d1:35:3c:fe to 00:00:0c:35:17:f0 > >on fxp0 > >/kernel: arp: 209.53.0.17 moved from 40:00:d1:35:3c:fe to 00:00:0c:35:17:f0 > >on fxp0 > >/kernel: arp: 209.53.0.17 moved from 00:00:0c:35:17:f0 to 40:00:d1:35:3c:fe > >on fxp0 > > > >Why the heck would the MAC address keep changing? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message