Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Arpwatch issues

    pfSense Packages
    4
    6
    4913
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DomeDan last edited by

      I started looking into arpwatch after I got this error "Fatal error: Call to undefined function stop_service() in /usr/local/www/arpwatch_reports.php on line 37"
      which lead me to this post: http://forum.pfsense.org/index.php?topic=41057.0
      and the solution was "Hard drive was damaged and replaced. After that, everything was working well. Most likely the problem was this."
      I think that is very odd, because I started to look where stop_service() is declared and found it in this file /etc/inc/service-utils.inc
      which is not included in /usr/local/www/arpwatch_reports.php

      So I included service-utils.inc and the problem was solved, is this a miss by the author or how come service-utils.inc wasn't included?
      patch:

      --- arpwatch_reports.php	2012-06-29 14:33:58.000000000 +0200
      +++ arpwatch_reports_include_fix.php	2012-06-29 14:09:10.000000000 +0200
      @@ -30,6 +30,7 @@
       */
      
       require("guiconfig.inc");
      +require_once("service-utils.inc");
      
       $logfile = "/usr/local/arpwatch/arp.dat";
      
      

      Next issue:

      When I click on "Clear log" arp.dat is accessed but not cleared

      ls -l /usr/local/arpwatch/arp.dat

      -rw-r–r--  1 root  wheel  163 Jun 29 12:12 /usr/local/arpwatch/arp.dat

      clicks again, same result,
      third time it is cleared:

      ls -l /usr/local/arpwatch/arp.dat

      -rw-r–r--  1 root  wheel  0 Jun 29 12:17 /usr/local/arpwatch/arp.dat

      for some reason unlink does not work probably, but cant figure out why
      no errors shown in /var/log/lighttpd.error.log

      Last issue:

      This is what happens when I change interface in https://192.168.0.1/pkg_edit.php?xml=arpwatch.xml&id=0:

      clog -f /var/log/arpwatch.log

      Jun 29 11:52:54 FW arpwatch: listening on em0  #arpwatch is started and WLAN (em0) is choosen here
      Jun 29 12:18:29 FW arpwatch: exiting                #choose LAN
      Jun 29 12:18:31 FW arpwatch: listening on em0  #still on WLAN (em0)
      Jun 29 12:20:13 FW arpwatch: exiting                #choose LAN again
      Jun 29 12:20:15 FW arpwatch: listening on bge1 #this time the interface is changed to LAN (bge1)

      as you can see, the first time I choose LAN the interface is not changed, second time it changes the interface.

      This is because
      1. old config-file is parsed
      2. arpwatch is restarted with settings from old config
      3. new config-file is written with the new values

      It is solved by changing /usr/local/pkg/arpwatch.xml to $int = $_POST['interface'] instead of $config
      patch:

      --- arpwatch.xml	2012-06-29 14:13:59.000000000 +0200
      +++ arpwatch_POST_fix.xml	2012-06-29 14:07:07.000000000 +0200
      @@ -91,7 +91,7 @@
       		global $config;
                       conf_mount_rw();
                       config_lock();
      -		$int = $config['installedpackages']['arpwatch']['config'][0]['interface'];
      +		if($_POST['interface'] != "") { $int = $_POST['interface']; } else { $int = $config['installedpackages']['arpwatch']['config'][0]['interface']; }
       		$int = convert_friendly_interface_to_real_interface_name($int);
       		$start = "/usr/local/sbin/arpwatch -d -i {$int} > /var/log/arpwatch.reports 2>&1 &";
       		$stop = "/usr/bin/killall arpwatch";
      

      info:
      package: http://files.pfsense.org/packages/8/All/arpwatch-2.1.a15_6.tbz
      system: 2.0.1-RELEASE (i386) built on Mon Dec 12 18:24:17 EST 2011 FreeBSD 8.1-RELEASE-p6 (upgraded from 1.2.3-RELEASE )

      1 Reply Last reply Reply Quote 0
      • M
        MaxFrames last edited by

        Hi and thank you, you allowed me to solve the first problem (unable to clean the report).
        I don't have the other two problems, but I have another issue, like everyone who's using arpwatch on pfsense likely has.
        Which is, I need the pfsense box to email me when arpwatch does something.
        From the arpwatch logs, I can see that arpwatch is indeed trying to send me an email to notify me of changes to arp.dat, but cannot find /usr/bin/sendmail.
        I understand sendmail is not officially available in pfsense.
        Can you or anyone explain how (if at all possible) I can install and configure it, or else how can I get arpwatch to send me email?
        Thanks

        1 Reply Last reply Reply Quote 0
        • D
          dhatz last edited by

          Btw, once you test them, you can submit those bug-fixes to the pfsense public repository at GitHub (https://github.com/bsdperimeter/pfsense-packages).

          The steps to do this are:

          1. open an account at GitHub (if you don't have one already)
          2. fork pfsense-packages (or the other repositories as well)
          3. make changes
          4. open a pull request
          1 Reply Last reply Reply Quote 0
          • P
            phil.davis last edited by

            I just submitted a pull request and Jimp has merged it. It fixes the "not saving the interface name the first time" problem and makes the install work on 2.1 with the pbi file - the default arp.dat file location had changed and the package code was not aware. Now arp.dat is in /var/log. That also makes it work on nanobsd, where /usr is RO.
            Reinstall and confirm it goes.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • M
              MaxFrames last edited by

              I have just reinstalled the package.
              The version number did not change (2.1.a15_6).
              Reinstalling reintroduced the bug with being unable to clean the report.
              I had to edit the php file as per this topic again.

              1 Reply Last reply Reply Quote 0
              • D
                DomeDan last edited by

                Nice, thank you phil.davis for pushing it to github, I have a github acc but didnt know about that repository.

                now its just a few more bugs left  ::)
                the mail part is very important, I had this package running on a lan-party last week and forgot about it.
                when I checked the report I saw my server's mac-address on 3 ip-adresses, it was because i used linux-vserver but if it had been an arp poisoning I would not have notices untill I got ssl-warnings and slow network :P

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post