Re: [list-arpalert] Receiving alerts even if ip_change specified

From: ARPALERT INFOS <info_at_arpalert.org>
Date: Mon, 5 Oct 2009 14:47:15 +0200

Hello,

With the flag "ip_change", the IP address is not checked, and the alert
ip_change is not sent.

If this MAC address is in the maclist.allow, the detection alerts are
disabled for this IP.

In your logs (at the end of your mail), I do not see the MAC address
'00:1b:fc:34:09:35'.

If you want to disable alerts for the MAC '00:1b:fc:34:09:35', you must
add it to the maclist.allow.

Thierry

> Hello,
>
> I have in my maclist.allow entries like this one:
> 00:1b:fc:34:09:35 192.168.0.215 rl0 ip_change
>
> ...but I'm receiving notifications about "Intrusion detection"
>
> Am I missing something? Strangely, it is working for other entries,
> but today I just received warnings for 3 IPs, maybe due to the DHCP lease
> timeout....
>
> Thank you.
>
> BK
>
> /!\ Intruder Detected /!
>
> Intrusion time stamp : Fri, 2 Oct 2009 07:05:54 +0200
>
> Intruder FQDN :
> Intruder IP Address : 169.254.135.192
> Intruder MAC Address : 00:1e:c1:57:87:c0
> Type of alert : rl0
>
>
> ...after a while (DHCP assigns IP):
>
> /!\ Intruder Detected /!
>
> Intrusion time stamp : Fri, 2 Oct 2009 07:10:18 +0200
>
> Intruder FQDN : 3comswitch.priv.domain.com
> Intruder IP Address : 192.168.0.199
> Intruder MAC Address : 00:1e:c1:57:87:c0
> Type of alert : rl0
>
> --
> To unsubscribe send a mail to list+unsubscribe_at_arpalert.org
>
>
Received on Mon Oct 05 2009 - 14:47:15 CEST
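
The check the reply performs by eye, comparing the MAC in each alert with the entries in maclist.allow, can be scripted. The following is an added example, not part of the thread or of arpalert itself; it assumes whitespace-separated maclist.allow fields as in the quoted entry and the alert mail layout quoted above, and the function names and verdict strings are hypothetical.

```python
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

# Constructed inputs, built from the values quoted in the thread.
MACLIST_ALLOW = "00:1b:fc:34:09:35 192.168.0.215 rl0 ip_change\n"
ALERT_MAIL = """\
Intruder IP Address : 169.254.135.192
Intruder MAC Address : 00:1e:c1:57:87:c0
Type of alert : rl0

Intruder FQDN : 3comswitch.priv.domain.com
Intruder IP Address : 192.168.0.199
Intruder MAC Address : 00:1e:c1:57:87:c0
Type of alert : rl0
"""

def parse_maclist(text):
    """Map each MAC to (ip, interface, flags); malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and MAC_RE.fullmatch(fields[0]):
            entries[fields[0].lower()] = (fields[1], fields[2], set(fields[3:]))
    return entries

def parse_alerts(text):
    """Return (mac, ip) for every alert block; '> ' quote prefixes are tolerated."""
    alerts, ip = [], None
    for line in text.splitlines():
        key, _, value = line.lstrip("> ").partition(" : ")
        if key.strip() == "Intruder IP Address":
            ip = value.strip()
        elif key.strip() == "Intruder MAC Address":
            alerts.append((value.strip().lower(), ip))
            ip = None
    return alerts

def triage(maclist_text, alert_text):
    """Explain each alert against the allow list, following the reply's rules."""
    allow = parse_maclist(maclist_text)
    report = []
    for mac, ip in parse_alerts(alert_text):
        if mac not in allow:
            verdict = "MAC not in maclist.allow"
        elif ip != allow[mac][0] and "ip_change" not in allow[mac][2]:
            verdict = "listed MAC, IP differs, no ip_change flag"  # assumed case
        else:
            verdict = "listed MAC, alert not expected"
        report.append((mac, ip, verdict))
    return report

if __name__ == "__main__":
    for row in triage(MACLIST_ALLOW, ALERT_MAIL):
        print(*row, sep="  ")
```

On the constructed input both alerts come back as "MAC not in maclist.allow", matching the reply's observation that the alerting MAC is not the one in the quoted entry.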