arpwatch can't start. You have to touch /var/lib/arpwatch/arp.dat by yourself.
Reproducible: Always
Steps to Reproduce:
1. emerge arpwatch
2. ltrace arpwatch -d
3. open your eyes :-)
Actual Results: nothing
Expected Results: working ;-)
Yup, same thing here. I did etc-update just to make sure it wasn't one of those issues, but I still get the error. Per step 2 I did an ltrace and got the same result:
    __libc_start_main(0x08049674, 2, 0xbffff784, 0x0804c7c0, 0x0804c808 <unfinished ...>
    strrchr("arpwatch", '/') = NULL
    getopt(2, 0xbffff784, "adf:i:m:n:Npr:s:") = 100
    getopt(2, 0xbffff784, "adf:i:m:n:Npr:s:") = -1
    pcap_lookupdev(0xbffff620) = "eth0"
    pcap_lookupnet("eth0", 0x804e97c, 0x804e980, 0xbffff620) = 0
    openlog("arpwatch", 0, 24) = <void>
    chdir("/var/lib/arpwatch") = -1
    syslog(3, "chdir(%s): %m", "/var/lib/arpwatch") = <void>
    syslog(3, "(using current working directory"...) = <void>
    pcap_open_live("eth0", 49, 1, 1000, 0xbffff620) = 0x81913c8
    getgid() = 0
    setgid(0) = 0
    getuid() = 0
    setuid(0) = 0
    pcap_datalink(0x081913c8, 49, 1, 1000, 0xbffff620) = 1
    pcap_compile(0x81913c8, 0xbffff5f8, "arp or rarp", 1, 0xffffff) = 0
    pcap_setfilter(0x081913c8, 0xbffff5f8, 0x0804ca80, 1, 0x00ffffff) = 0
    syslog(6, "listening on %s", "eth0") = <void>
    fopen("arp.dat", "r") = 0
    syslog(3, "fopen(%s): %m", "arp.dat") = <void>
    exit(1 <unfinished ...>
Checked the man pages just to make sure this wasn't an intended behavior and, nope, it wasn't. One thing I will mention, I'd be contacting the author/author's bug support as well and linking them to this bug. It would be beneficial to not just Gentoo users, but all users that utilize arpwatch.
OK, good point. I just emailed Craig about it.
I think you are supposed to start arpwatch with:
    /etc/init.d/arpwatch start
Before doing so you should probably have a look in /etc/conf.d/arpwatch and set the interfaces you want to be listening on. Still, it's a valid bug.
One thing I will add is that the code should probably check to see if the directory exists. I checked for /var/lib/arpwatch but didn't find it. So some basic pseudo code:
    if directory /var/lib/arpwatch doesn't exist
        create it
    open arp.dat for reading and create if it doesn't exist (can't remember the exact open flag for that)
I think that's where the issue lies. Might pass that on to the author as well.
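
Added example, not part of the thread and not arpwatch's own code: one way to write the check proposed in the comment above, in C, for a daemon that runs as root. The function name open_arp_db and the demo path are assumptions; unlike the run shown in the ltrace output, it refuses to continue in the current working directory when the state directory cannot be entered.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not arpwatch code): open dir/file, creating both if
 * missing. Returns an fd for the database, or -1 with errno set. */
int open_arp_db(const char *dir, const char *file)
{
    struct stat st;
    int fd = -1, dfd, saved;

    /* Create the state directory if it is missing, owner-only access. */
    if (mkdir(dir, 0700) == -1 && errno != EEXIST)
        return -1;
    /* O_DIRECTORY fails with ENOTDIR when dir is not a directory. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd == -1)
        return -1;
    /* Check and enter the same object via its fd, so the path cannot be
     * swapped between the check and the chdir. */
    if (fstat(dfd, &st) == -1) {
        /* errno already set by fstat */
    } else if (st.st_mode & (S_IWGRP | S_IWOTH)) {
        errno = EACCES;  /* root state must not sit where others can write */
    } else if (fchdir(dfd) == 0) {
        /* O_CREAT replaces the manual touch; O_NOFOLLOW refuses a symlink
         * planted at the database path. */
        fd = open(file, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    }
    saved = errno;
    close(dfd);
    errno = saved;
    return fd;  /* -1 means fail closed: no fallback to the old cwd */
}

int main(void)
{
    /* Constructed demo path; a real daemon would use its configured one. */
    int fd = open_arp_db("/tmp/arpwatch-demo", "arp.dat");
    if (fd == -1) {
        perror("open_arp_db");
        return EXIT_FAILURE;
    }
    puts("arp.dat ready");
    close(fd);
    return EXIT_SUCCESS;
}
```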
The problem seems to be that arpwatch by default creates arp/ip database files in /var/lib/arpwatch but in Gentoo we put them in /var/arpwatch (this is specified in /etc/init.d/arpwatch). If you want to run it from the command line then you can specify the database file with the -f switch. IMHO it is cleaner to change the ebuild to ./configure arpwatch to use another file. If this is not possible that could be considered as a bug and should be moved upstream.
If you start it with the init script, it will work fine. I don't see a solution for Gentoo here.
Just emerged arpwatch-2.1.11-r1, and although it starts fine, it still reports to syslog:
    Aug 13 17:08:02 asara arpwatch: chdir(/var/lib/arpwatch): No such file or directory
    Aug 13 17:08:02 asara arpwatch: (using current working directory)
    Aug 13 17:08:02 asara arpwatch: listening on eth0
    Aug 13 17:08:02 asara arpwatch: chdir(/var/lib/arpwatch): No such file or directory
    Aug 13 17:08:02 asara arpwatch: (using current working directory)
    Aug 13 17:08:02 asara arpwatch: listening on eth1
    ...
So I just symlinked /var/arpwatch to /var/lib/arpwatch, which makes all the bad things go away. Is there a specific reason Gentoo keeps it in /var, while a *lot* of other services keep their data in /var/lib?