From andre.albsmeier@mchp.siemens.de  Tue Nov 21 23:50:58 2000
Return-Path: <andre.albsmeier@mchp.siemens.de>
Received: from david.siemens.de (david.siemens.de [192.35.17.14])
	by hub.freebsd.org (Postfix) with ESMTP id E9BA237B4D7
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 21 Nov 2000 23:50:56 -0800 (PST)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by david.siemens.de (8.11.0/8.11.0) with ESMTP id eAM7otu14940
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Nov 2000 08:50:55 +0100 (MET)
Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7])
	by mail1.siemens.de (8.11.0/8.11.0) with ESMTP id eAM7osQ03460
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Nov 2000 08:50:55 +0100 (MET)
Received: (from localhost)
	by curry.mchp.siemens.de (8.11.1/8.11.1) id eAM7os249887
	for FreeBSD-gnats-submit@freebsd.org; Wed, 22 Nov 2000 08:50:54 +0100 (CET)
Message-Id: <200011220750.eAM7osu72457@curry.mchp.siemens.de>
Date: Wed, 22 Nov 2000 08:50:54 +0100 (CET)
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] for arpwatch to log PID to syslog
X-Send-Pr-Version: 3.2

>Number:         23017
>Category:       ports
>Synopsis:       [PATCH] for arpwatch to log PID to syslog
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 22 00:00:01 PST 2000
>Closed-Date:    Fri Nov 24 21:52:28 PST 2000
>Last-Modified:  Fri Nov 24 21:53:41 PST 2000
>Originator:     Andre Albsmeier
>Release:        FreeBSD 4.2-BETA i386
>Organization:
>Environment:

Systems running multiple arpwatch processes

>Description:

When arpwatch logs to syslog a typical entry can look like this:

arpwatch: bogon 179.23.184.1 0:e0:a3:22:0:a0

When multiple instances of arpwatch are running on the same machine
but on different ethernet cards, it is difficult to find out which
arpwatch process has logged to syslog.

>How-To-Repeat:

I, for example, have a machine with three fxp cards. I am running:

USER     PID  PPID   VSZ  RSS  TT  STARTED      TIME COMMAND
root     944     1  2372 1968  ??   6:49AM   0:00.23 arpwatch -i fxp2 -f arp-fxp2.dat
root     936     1  2372 1968  ??   6:49AM   0:00.23 arpwatch -i fxp1 -f arp-fxp1.dat
root     929     1  2368 1964  ??   6:49AM   0:00.23 arpwatch -i fxp0 -f arp-fxp0.dat

With the above syslog entry, it is very hard to determine on which of
the three wires the bogon appeared and where I have to look for the
user rip his head off :-)

>Fix:

A small patch makes the syslog message contain the pid:

--- arpwatch.c.orig	Sat Oct 14 04:07:35 2000
+++ arpwatch.c	Wed Nov 22 08:40:40 2000
@@ -251,7 +251,7 @@
 		}
 	}
 
-	openlog(prog, 0, LOG_DAEMON);
+	openlog(prog, LOG_PID, LOG_DAEMON);
 
 	if (chdir(arpdir) < 0) {
 		syslog(LOG_ERR, "chdir(%s): %m", arpdir);

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Fri Nov 24 21:52:28 PST 2000 
State-Changed-Why:  

It's more appropriate to submit a patch like this to the 
port's author.  

http://www.freebsd.org/cgi/query-pr.cgi?pr=23017 
>Unformatted:
