ARPWatch add-ons: mail2sql converter and web-interface
======================================================

See sample-output/*.html for answers to questions like
"what is it?" and "why is it needed?"

Written in Nov 2007, Sep 2008 by ilya.evseev@gmail.com

Note: For a small network, you do not need an SQL database at all.
In this case, skip steps 1, 2, 4.

------------------------------------------------------

1) Create MySQL table:

    mysql> create database `arpwatch-db`;
    mysql> use arpwatch-db;
    mysql> source /path/to/arpwatch.sql

------------------------------------------------------

2) Register MySQL users:

    mysql> grant insert on `arpwatch-db`.arpwatch to arpwatch2sql@localhost
           identified by 'VerySecretPassword1';
    mysql> grant select on `arpwatch-db`.arpwatch to arpwatch2cgi@localhost
           identified by 'VerySecretPassword2';
    mysql> flush privileges;

------------------------------------------------------

3) Run arpwatch:

    arpwatch -m arpwatch ...

User "arpwatch" must already exist in the system.
Usually it is created by the system package manager
when you install the arpwatch package.

Local mail server (postfix or sendmail) must be running.

Check the /var/lib/arpwatch/arp.dat state file
and the /var/mail/arpwatch mailbox for updates.

------------------------------------------------------

4) Insert into cron:

    /path/to/arpwatch2sql | mysql -h localhost -u arpwatch2sql -pVerySecretPassword1 arpwatch-db

Check that the /var/mail/arpwatch mailbox is cleared after this
and that the arpwatch-db.arpwatch table is filled with data.

------------------------------------------------------

5) Put into /cgi-bin/ directory:

    - WebUtils.pm
    - arpwatch.cgi
    - arpwatch-topstats.cgi

Additional Perl modules:

    - DBI (optional, needed only for the SQL database, see below)
    - CGI
    - Date::Parse

------------------------------------------------------

6) Edit webutils_utminit() routine in WebUtils.pm module:

Replace DBI->connect() args by actual settings ...

Or completely remove all contents of this routine
to read the mailbox only and skip the SQL database.
Also comment out the "use DBI" line.

Check that everything is runnable using "perl -c arpwatch.cgi"

------------------------------------------------------

7) Allow the Web-server to read /var/mail/arpwatch directly

Use "chmod a+r ..." or "chgrp www-data ...; chmod g+r ...".

------------------------------------------------------

8) arpwatch_nomail.patch

It can be applied to the arpwatch sources to replace
mail messages with per-event files in /var/log/arpwatch.

This folder must be created before running the modified arpwatch:

    d=/var/log/arpwatch
    mkdir $d
    chgrp arpwatch $d
    chmod g=rwx,o=rx $d

Both arpwatch2sql and arpwatch.cgi support file mode automatically.

In file mode, the arpwatch binary is smaller
and does not require a local MTA.

------------------------------------------------------

Enjoy!
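------------------------------------------------------

The conversion in step 4 starts from the report mails that arpwatch leaves in /var/mail/arpwatch. The Python code below is an added example, not the project's arpwatch2sql (which is Perl): it parses such a mailbox, zero-pads the MAC addresses and marks the report types that can indicate ARP spoofing. The sample mailbox and the names parse_reports and normalize_mac are constructed for illustration.

```python
import re
from email import message_from_string
# arpwatch report subjects that can indicate ARP spoofing or an address conflict.
SUSPICIOUS = ("changed ethernet address", "flip flop")
# Constructed sample mailbox, trimmed to the fields used here (documentation addresses).
SAMPLE_MBOX = """\
From arpwatch Tue Sep  2 10:15:00 2008
From: arpwatch (Arpwatch)
Subject: new station (printer.example)

            hostname: printer.example
          ip address: 192.0.2.20
    ethernet address: 0:11:22:33:44:55
           timestamp: Tuesday, September 2, 2008 10:15:00 +0400

From arpwatch Tue Sep  2 11:40:12 2008
From: arpwatch (Arpwatch)
Subject: changed ethernet address (gw.example)

            hostname: gw.example
          ip address: 192.0.2.1
    ethernet address: 0:de:ad:be:ef:1
old ethernet address: 0:a:b:c:d:e
           timestamp: Tuesday, September 2, 2008 11:40:12 +0400
"""

def normalize_mac(mac):
    """arpwatch drops leading zeros (0:a:b:...); pad each octet to two hex digits."""
    if not re.fullmatch(r"[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}", mac):
        return mac  # leave anything that is not a MAC untouched
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_reports(mbox_text):
    """Return one dict per arpwatch report found in mbox-formatted text."""
    reports = []
    for raw in re.split(r"(?m)^From .*\n", mbox_text):
        msg = message_from_string(raw)
        subject = re.match(r"(.+?) \(", msg["Subject"] or "")
        if not subject:
            continue  # empty chunk, or a mail that is not an arpwatch report
        rec = {"event": subject.group(1), "suspicious": subject.group(1) in SUSPICIOUS}
        for line in msg.get_payload().splitlines():
            key, sep, value = (part.strip() for part in line.partition(": "))
            if sep:  # values come from the network: bind or escape them downstream
                rec[key] = normalize_mac(value) if key.endswith("ethernet address") else value
        reports.append(rec)
    return reports
if __name__ == "__main__":
    for r in parse_reports(SAMPLE_MBOX):
        print("ALERT" if r["suspicious"] else "info ", r["event"], r["ip address"], r["ethernet address"])
```

Hostnames and other field values in these reports originate from the network, so whatever stores or displays them should bind them as SQL parameters and escape them in HTML.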