This is an old revision of the document!
====== Analyzer arp ====== This analyzer listens to ARP packets and generates events out of them. Its main goal is to monitor ARP activity and provide useful information if the pair IP/MAC changes. ===== Events ===== ^ Name ^ Payload associated ^ Description ^ |arp_new_sta|no|New station found.| |arp_sta_changed|no|Station MAC address changed.| ==== arp_new_sta ==== This event is generated when a new station is found. ^ Field ^ Type ^ Description ^ |mac_addr|mac|MAC address of the station.| |ip_addr|ipv4|IPv4 address of the station.| |input|string|Input name from which the event was observed.| ==== arp_sta_changed ==== This event is generated the MAC address of a station changed. ^ Field ^ Type ^ Description ^ |old_mac_addr|mac|Old known MAC address of this station.| |new_mac_addr|mac|New MAC address observed for this station.| |ip_addr|ipv4|IPv4 address of the station.| |input|string|Input name from which the event was observed.|