Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace

ARP Guard

Avatar Manjul Bhattarai
May 08, 2024 05:35
Follow

General Description

The ARPGuard application normalizes ARPGuard events. You can further customize the searches to perform in-depth analysis.

For LogPoint v6.7.0 or later For LogPoint v6.0.0 to v6.6.6

Release Details

Fields

Details

Name

ARPGuard

Version

5.0.1

Supported On

LogPoint v6.7.0 and later

Release Date

2020-05-14
Document Date 2020-05-14
Download ARPGuard_5.0.1.pak
SHA256

4e8c031fa4e8c7152db61e842e076d51f7d046136085f6d30ad478d1473e87ce


Package Details

The application consists of the following components:

  1. Normalization Package
    • LP_ARP Guard
  2. Compiled Normalizer
    • ARPGuardCompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the ARPGuard v5.0.1 application:

  1. Download the ARPGuard package from the Download section above.
  2. Add ARPGuard as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.

Supported Device

The supported device of ARPGuard with LogPoint in this configuration is:

  • ARP Guard 

Log Format

Expected Log Format

Syslog

Log Sample

<5>Aug 24 13:39:52 ARP-GUARD: New AAA event "start" message "Note: Device has been authenticated" client MAC "XX-XX-XX-XX-XX-XX" switch IP "1.1.1.1" switch port "X" RADIUS called station ID "XX-XX-XX-XX-XX-XX:AAAAAAAAA"

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.

Release Details

Fields

Details

Name

ARPGuard

Version

3.2.0

Supported On

LogPoint v6.0.0 to v6.6.6

Release Date

2020-05-14
Document Date 2020-05-14
Download ARPGuard_3.2.0.pak
SHA256

9dd66ca33d0960bb309d5151c4fd5d9d24ffa5b4a8660ac2d8241767639bccb6


Package Details

The application consists of the following components:

  1. Normalization Package
    • LP_ARP Guard
  2. Compiled Normalizer
    • ARPGuardCompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the ARPGuard v3.2.0 application:

  1. Download the ARPGuard package from the Download section above.
  2. Add ARPGuard as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.

Supported Device

The supported device of ARPGuard with LogPoint in this configuration is:

  • ARP Guard 

Log Format

Expected Log Format

Syslog

Log Sample

<5>Aug 24 13:39:52 ARP-GUARD: New AAA event "start" message "Note: Device has been authenticated" client MAC "XX-XX-XX-XX-XX-XX" switch IP "1.1.1.1" switch port "X" RADIUS called station ID "XX-XX-XX-XX-XX-XX:AAAAAAAAA"

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.

 

Support

If you have any queries or require assistance, please feel free to contact our support team: 

Email: servicedesk@logpoint.com
Phone: +45 7060 6100

Best regards,
untitled.svg

Comments

Article is closed for comments.

Related articles

  • Artica Proxy
  • ChatGPT Integration
  • Logpoint Agent Collector
  • Arbor Networks
  • Asterisk
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.