From 6d99e421e98222e0226e82446c47d772b7c4112a Mon Sep 17 00:00:00 2001
From: Vladimir Vitkov
Date: Thu, 5 Nov 2015 19:59:53 +0200
Subject: [PATCH] ArpWatch - add config

* Full config for arpwatch
* Closes #49
---
monitoring/arpwatch/README.md | 15 +++++++++++++++
monitoring/arpwatch/aliases | 1 +
monitoring/arpwatch/arpwatch.conf | 8 ++++++++
monitoring/arpwatch/rsyslogd-arpwatch.conf | 2 ++
4 files changed, 26 insertions(+)
create mode 100644 monitoring/arpwatch/README.md
create mode 100644 monitoring/arpwatch/aliases
create mode 100644 monitoring/arpwatch/arpwatch.conf
create mode 100644 monitoring/arpwatch/rsyslogd-arpwatch.conf
diff --git a/monitoring/arpwatch/README.md b/monitoring/arpwatch/README.md
new file mode 100644
index 0000000..bb3c1fc
--- /dev/null
+++ b/monitoring/arpwatch/README.md
@@ -0,0 +1,15 @@
+# ArpWatch
+Monitor stations on network
+
+# Prerequisites
+vlans
+arpwatch
+
+# Notes
+* Ignore main interface on which vlans are set
+
+# Configuration
+* Add alias to drop the emails that are being sent
+* add filter to syslog (rsyslog) to direct messages to special file
+* fix arpwatch.conf to start daemon per interface (look at notes above)
+* go
diff --git a/monitoring/arpwatch/aliases b/monitoring/arpwatch/aliases
new file mode 100644
index 0000000..6f37c6e
--- /dev/null
+++ b/monitoring/arpwatch/aliases
@@ -0,0 +1 @@
+nukemailz: /dev/null
diff --git a/monitoring/arpwatch/arpwatch.conf b/monitoring/arpwatch/arpwatch.conf
new file mode 100644
index 0000000..334298c
--- /dev/null
+++ b/monitoring/arpwatch/arpwatch.conf
@@ -0,0 +1,8 @@
+# prod setup
+eth0 -m nukemailz
+#eth1 -m nukemailz
+eth1.100 -m nukemailz
+eth1.101 -m nukemailz
+eth1.102 -m nukemailz
+eth1.103 -m nukemailz
+eth1.104 -m nukemailz
diff --git a/monitoring/arpwatch/rsyslogd-arpwatch.conf b/monitoring/arpwatch/rsyslogd-arpwatch.conf
new file mode 100644
index 0000000..f555952
--- /dev/null
+++ b/monitoring/arpwatch/rsyslogd-arpwatch.conf
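Review bot: The `nukemailz: /dev/null` alias discards every report arpwatch mails, and `arpwatch.conf` passes `-m nukemailz` on all watched interfaces, so new-station and changed-address reports reach nobody by mail. From this commit on, the file written by `rsyslogd-arpwatch.conf` is the only record, and nothing visible here reviews or forwards it. If that is intended, a comment above the alias would say so, e.g. `# arpwatch mail is dropped on purpose; reports are read from /var/log/arpwatch.log`. The README could also mention that the alias database has to be rebuilt (typically with `newaliases`) before the alias takes effect.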
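Review bot: The commented-out `#eth1 -m nukemailz` line in `arpwatch.conf` carries no explanation; the reason, presumably that eth1 is the parent of the `eth1.N` VLAN interfaces listed below it, is only hinted at in the README note. A comment on that line such as `# eth1 is the VLAN parent; watch the eth1.N sub-interfaces instead` would keep someone from re-enabling it by mistake. The `# prod setup` header could also state that the interface and VLAN names are site-specific and must be adapted before the file is copied to another host.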
@@ -0,0 +1,2 @@
+# log arpwatch in a separate file
+if $programname == 'arpwatch' then /var/log/arpwatch.log
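Review bot: With arpwatch mail routed to /dev/null elsewhere in this commit, `/var/log/arpwatch.log` becomes the only place a changed or flip-flopping MAC address is recorded, yet the commit ships no rotation or forwarding for it. A logrotate stanza for the file and, where a central log host exists, a forwarding rule for `$programname == 'arpwatch'` would keep the record bounded and available off the host. The rule also has no discard action after it, so matching messages will most likely continue into the default rules and be logged twice. If the README's intent is to direct messages to the special file only, follow the rule with `& stop` (or `& ~` on older rsyslog versions); otherwise adjust the comment to say the file is a copy.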