arphound.conf - arphound LAN monitoring configuration file
The arphound.conf file is the configuration file for arphound. It defines options specific to the network configuration and options to fine-tune its output.
A line is composed by a key followed by one or more spaces and the associated value. A value can be a string, an integer (in any form recognized by strtol) or a boolean (true, yes, 1 for true and false, no or 0 for false) If the first character of a line is a hash mark (``#''), the line is considered to be a comment and is ignored.
This is a sample configuration file:
# Allow command-line arguments to override this parameters? AllowOverride true # Run as a daemon RunAsDaemon true # Enable file logging LogToFile yes # Name of a file to log to, if LogToFile is true LogFileName /var/log/arphound.log LogToSyslog yes # Also log to stdout, useless if in daemon mode LogToStdOut yes # Also log IP/MAC couple discovery LogDiscover yes # Also log DHCP request/replies LogDHCP yes # Also log IP which have no RDNS LogDNS no # Interval between two logs for one MAC changing IP mutiples times #IPCHANGELogInterval 40 # Interval between two logs for an IP conflict #IPCONFLICTLogInterval 40 # Default interval between two logs for any other kind of trouble #TroubleLogInterval 300 # Interval between two logs for each trouble type. # If unspecified, TroubleLogInterval will be used. #DHCPREQUESTLogInterval 300 #DHCPREPLYLogInterval 300 #PACKETSELFLogInterval 300 #PACKET_IN_AUTOCONFIGURE_NETWORKLogInterval 300 #ARPREQUEST_OUTLogInterval 300 #ARPREPLY_OUTLogInterval 300 #ARPREPLY_SOURCE_MISMATCHLogInterval 300 #ARPREQUEST_SOURCE_MISMATCHLogInterval 300 #ARPREPLY_BROADCASTLogInterval 300 #PACKET_SOURCE_MISMATCHLogInterval 300 #PACKET_DESTINATION_MISMATCLogInterval 300 #DHCPSERVERLogInterval 300 # Name of the interface to use, or auto to let libpcap decide NetworkInterface auto # IP of the machine (or any IP in the subnet) IP 192.168.0.1 # NetMask NetMask 255.255.0.0 # Address of DNS server DNSServer 192.168.0.1 # Addresses of DHCP server(s) # If at least one is specified, DHCP reply comming from other MACs will be logged. #DHCPServer 00:de0:ad:be:ef:01 #DHCPServer 00:de0:ad:be:ef:02 # Gateways, any packet going or coming from outside not using the MAC # of a gateway with a good route is logged : # Gateway <RouteIP> <RouteMask> <GatewayIP> <GatewayMAC> Gateway 192.168.1.0 255.255.255.0 192.168.0.2 00:de:ad:be:ef:00 # Gateway for the default route Gateway 0.0.0.0 0.0.0.0 192.168.0.1 00:de:ad:be:ef:01 # Critical couples (gateway, DNS servers, NIS servers, ...) # any log event concerning an IP or MAC in a critical couple will be # logged with a "!" tag CriticalCouple 192.168.0.1 00:de:ad:be:ef:01