Hi!
Just add "arpwatch.none" to the end of this line
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
Like this:
*.info;mail.none;authpriv.none;cron.none;arpwatch.none /var/log/messages
!arpwatch *.* /var/log/arpwatch.log
=================
Now all my logs for arpwatch are getting recorded to /var/log/arpwatch.log along with /var/log/messages. However I'm still unable to stop arpwatch from populating /var/log/messages.
That might help
Found some info about this out here: http://red_techstuff.blogspot.com/2004/08/how-to-configure-syslogconf-custom... and http://www.redhat.com/docs/manuals/enterprise/RHEL-AS-2.1-Manual/cluster-man...
Regards, Nandan.