Hi, I have been trying to configure arpwatch on my Linux LAN. arpwatch has no configuration parameter which allows me to send logs to a particular file, and all the logs are being sent to /var/log/messages. Can someone please explain how to stop a daemon like arpwatch from populating /var/log/messages and instead redirect all logs to some other file, say /var/log/arpwatch.log? I guess I need to modify /etc/syslog.conf in order to accomplish this. I modified /etc/syslog.conf and it now looks like:
==================
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

!arpwatch *.* /var/log/arpwatch.log
=================
Now all my logs for arpwatch are getting recorded to /var/log/arpwatch.log along with /var/log/messages. However, I'm still unable to stop arpwatch from populating /var/log/messages.
Regards, Mayank
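
An added example, not part of the original post: a simplified model of how the selectors in the syslog.conf above are evaluated, showing why an arpwatch message reaches both files. It assumes arpwatch logs with the "daemon" facility and that the !arpwatch line acts as a program filter; the sample messages and the with_exclusion() variant are hypothetical.

```python
# Simplified model of classic syslog.conf selector matching (added illustration).
# Assumptions: arpwatch uses facility "daemon"; "!arpwatch" filters by program name.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

RULES = [  # (program filter or None, selector, destination), from the post's config
    (None, "*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    (None, "authpriv.*", "/var/log/secure"),
    (None, "mail.*", "/var/log/maillog"),
    (None, "cron.*", "/var/log/cron"),
    (None, "*.emerg", "*"),
    (None, "uucp,news.crit", "/var/log/spooler"),
    (None, "local7.*", "/var/log/boot.log"),
    ("arpwatch", "*.*", "/var/log/arpwatch.log"),
]

def selector_matches(selector, facility, level):
    """Evaluate 'fac[,fac].prio[;...]' left to right; later parts override earlier ones."""
    matched = False
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue  # this part says nothing about the message's facility
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        else:
            matched = LEVELS.index(level) >= LEVELS.index(prio)
    return matched

def destinations(program, facility, level, rules=RULES):
    """Every rule is checked independently, so one message can land in several files."""
    return [dest for prog, sel, dest in rules
            if prog in (None, program) and selector_matches(sel, facility, level)]

def with_exclusion(rules=RULES):
    """Hypothetical variant: append daemon.none to the /var/log/messages selector."""
    return [(p, s + ";daemon.none" if d == "/var/log/messages" else s, d) for p, s, d in rules]

if __name__ == "__main__":
    # Constructed sample messages: (program, facility, level)
    for msg in [("arpwatch", "daemon", "info"), ("ntpd", "daemon", "notice")]:
        print(msg, "as posted:", destinations(*msg))
        print(msg, "with daemon.none:", destinations(*msg, rules=with_exclusion()))
```

Adding a later rule never removes a message from an earlier one; only a .none entry on the /var/log/messages selector does, and in this model daemon.none also drops every other daemon-facility message from that file.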