search

fln / addrwatch

A tool similar to arpwatch for IPv4/IPv6 and ethernet address pairing monitoring.
GNU General Public License v3.0
184 stars 30 forks source link

Addrwatch: output time #17

Open SmajlikSvK opened 4 years ago

SmajlikSvK commented 4 years ago

Hello, please can you add a parameter for the startup addrwatch program to change the view of output time in human-readable date? Thanks

fln commented 4 years ago

Text output (stdout) of the addrwatch or addrwatch_stdout is designed to be consumed by other applications. Using unix timestamps instead of human readable time makes it easier to unambiguously parse data values.

For output analysis by human beings I would recommend using addrwatch_syslog output module. When started this module will log all addrwatch entries to system log. Example:

Terminal 1:

$ ./src/addrwatch         # Start main addrwatch service in deamon mode
$ ./src/addrwatch_syslog  # Start sylog output service

Terminal 2:

$ tail -f /var/log/daemon.log
Feb 23 16:42:15 host addrwatch: 1582468935 eth0 0 08:00:27:b4:fd:00 172.16.0.212 ARP_REQ
Feb 23 16:42:47 host addrwatch: 1582468966 eth0 0 08:00:27:71:69:5f 172.16.0.2 ARP_REP