I am using arp-scan in a bash script to verify that a host is reachable. I have the script setup as a cron job that runs every minute and /var/log/syslog is filling up with the arp-scan output.
I have tried -q and –quiet and I don't see that it has any effect on the command line output or the syslog messages. Is this flag broken on arp-scan 1.6?
Is there another way to prevent the syslog messages?
I realize it isn't the end of the world (it's only two lines every minute), but I would rather not see it in there, if possible.
The following lines appear in /var/log/syslog and /var/log/messages:
Jul 16 08:28:01 debian arp-scan[9428]: Starting: arp-scan 192.168.1.1 -I eth0
Jul 16 08:28:01 debian arp-scan[9428]: Ending: 1 hosts scanned in 0.150 seconds (6.67 hosts/sec). 1 responded
Jul 16 08:28:01 debian arp-scan[9440]: Starting: arp-scan 192.168.1.6 -I eth0
Jul 16 08:28:02 debian arp-scan[9440]: Ending: 1 hosts scanned in 0.165 seconds (6.06 hosts/sec). 1 responded
Here is the cron line for my script:
* * * * * root /root/monitor
Update
I tried both appending both > /dev/null and 2>&1 /dev/null and neither stopped the arp-scan output.
Solution
Placed the following filter in /etc/rsyslog.conf:
#
# Don't log arp-scan output
#
:programname, isequal, "arp-scan" ~
Best Answer
If you are using rsyslogd you should be able to write a filter to remove it as shown here.