Re: Any way to suppress select arp messages?
First, thanks to Christos for the suggested patch.

The log_arp_movements sysctl is a helpful knob that defaults to alerting people
when IP/ARP associations change, since that is generally unexpected unless some
form of load-balancing or failover is in place (VRRP, CARP, HAST, etc.), just as
log_arp_wrong_iface can be helpful to detect layer-2 loops or mis-cabling a
multi-homed router/firewall box. :-)

I wasn't as familiar with log_arp_permanent_modify. While I'm aware of a few
environments which use permanent ARP tables (/etc/ethers?), places big enough
where that would make a significant difference also tend to be big enough that
routers are using VRRP, your data-center guys end up swapping out a failed box
out of the hundreds in the racks every month or so, and so forth such that you
still do dynamic ARPs anyway.

On Aug 27, 2011, at 10:29 AM, Michael T. Davis wrote:
> I appreciate this, thanks. As I mentioned in the original message,
> there are cases where we'd like to see these notifications, so a selective
> approach is what's needed. If all else fails, though, I can give this a try.

Second, perhaps something like arpwatch might help address your goals:

At some point we've moved away from stuff that needs to be in the kernel
towards a monitoring purpose that might be better handled in userland....
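
Added example, not part of the original message and not arpwatch's code: a minimal userland tracker in the spirit of the suggestion above, which reports changed IP/MAC bindings and wrong-interface sightings but skips addresses listed as expected to move (failover or load-balanced addresses). The observations, the `EXPECTED_TO_MOVE` set, the `watch` function and the alert wording are all constructed for illustration.

```python
"""Selective ARP-change reporting in userland (constructed example)."""

# Constructed sample observations: (ip, mac, interface), in arrival order.
OBSERVATIONS = [
    ("192.0.2.1", "00:00:5E:00:01:0A", "em0"),   # virtual router address
    ("192.0.2.20", "02:00:00:aa:bb:01", "em0"),
    ("192.0.2.1", "02:00:00:aa:bb:02", "em0"),   # failover: expected move
    ("192.0.2.20", "02:00:00:aa:bb:99", "em0"),  # unexpected move
    ("192.0.2.20", "02:00:00:aa:bb:99", "em1"),  # same binding, other interface
]

# Addresses whose IP/MAC binding is expected to change (assumed site policy).
EXPECTED_TO_MOVE = frozenset({"192.0.2.1"})


def watch(observations, expected_to_move=EXPECTED_TO_MOVE):
    """Return alert strings for changed bindings, in arrival order.

    MAC changes on addresses in expected_to_move are suppressed; a known
    binding showing up on a different interface is always reported.
    """
    table = {}   # ip -> (mac, iface) as last recorded
    alerts = []
    for ip, mac, iface in observations:
        mac = mac.lower()            # compare MACs case-insensitively
        previous = table.get(ip)
        if previous is None:
            table[ip] = (mac, iface)  # first sighting: learn, no alert
            continue
        old_mac, old_iface = previous
        if old_mac != mac:
            table[ip] = (mac, iface)  # follow the move either way
            if ip not in expected_to_move:
                alerts.append(f"{ip} moved from {old_mac} to {mac} on {iface}")
        elif old_iface != iface:
            # Keep the recorded interface so repeats keep being reported.
            alerts.append(f"{ip} ({mac}) seen on {iface}, expected {old_iface}")
    return alerts


if __name__ == "__main__":
    for line in watch(OBSERVATIONS):
        print(line)
```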